Worm.Ahkarun.A
Worm.Ahkarun.A is a worm that records your IP address and uses an internal email client to send this information to remote criminals. Harvesting IP addresses is often a preliminary action before more serious attacks on a PC begin. Like most worms, Worm.Ahkarun.A can spread to new computers by copying itself to removable storage devices. Since Worm.Ahkarun.A alters the Registry and can be a serious security hole for your PC, you should remove Worm.Ahkarun.A with an appropriate security program as soon as you learn that you have a Worm.Ahkarun.A infection.
The Many Copies of Worm.Ahkarun.A That You Should Beware Of
Originally, Worm.Ahkarun.A was seen in 2008, but Worm.Ahkarun.A infections have been confirmed in 2011, showing that Worm.Ahkarun.A remains a credible threat.
Worm.Ahkarun.A can be detected by a number of aliases most of which are named after the Autorun exploit that Worm.Ahkarun.A abuses: Worm/Autoit.UY, Worm.AutoRun.DGM, Win32/SillyAutorun.GD, Worm.Autorun-853, Win32/AutoRun.KK, Worm.Win32.AutoRun.dbi, AutoRun.CJQ, W32.SillyDC and Trojan-Spy.Win32.Agent.bbq are all potential Worm.Ahkarun.A aliases.
Worm.Ahkarun.A spreads by copying Worm.Ahkarun.A's files (consisting of multiple executable files, a dynamic link library file, a library file and an Autorun file) to removable devices. Worm.Ahkarun.A often gives these files friendly Windows folder icons to trick you into launching these files by mistake. The Autorun.inf file will also configure the files to launch themselves whenever the storage device is plugged into a new computer. Once launched, Worm.Ahkarun.A will copy Worm.Ahkarun.A's files to the Windows folder.
These files may be invisible if you use default file-viewing settings; Worm.Ahkarun.A hides them with the Hidden and System attributes, as well as declaring them Read Only to prevent you from altering them.
The Purpose of a Worm.Ahkarun.A Attack
Worm.Ahkarun.A infections change the Windows Registry to allow Worm.Ahkarun.A to start when Windows starts. Other Registry changes let Worm.Ahkarun.A launch Worm.Ahkarun.A's internal email client invisibly; email activity from this client won't be visible and messages sent from it won't show up in your online mailbox.
After that, Worm.Ahkarun.A proceeds to gather your IP address by visiting an IP-tracking website, and then sends an email message with this information to an anonymous criminal. IP-harvesting is often used to enable remote attacks, and may allow criminals to use Worm.Ahkarun.A to recruit your PC into DDoS activities, install other malicious programs or steal personal information.
Although the baseline damage that Worm.Ahkarun.A can cause is minor, the potential for exploitation is significant. Despite the lack of visible symptoms or problems that are related to Worm.Ahkarun.A infections, you should delete Worm.Ahkarun.A threats quickly and with any anti-virus tools that are at your disposal.
File System Modifications
- The following files were created in the system:
# File Name File Size (bytes) File Hash 1 iexplore.exe 282,769 4ae593d6b2a5cc06e53129768f33155f
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN iexploreHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ iexplore
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.