Worm:Win32/Hamweq.A
Posted: February 8, 2011
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 389 |
| First Seen: | December 1, 2010 |
| Last Seen: | November 11, 2020 |
| OS(es) Affected: | Windows |
The Worm:Win32/Hamweq.A worm is a unique worm infection with unusual properties that make it readily detectable even for novices, such as creating a fake Recycle Bin. The primary threat posed by this worm is in its ability to compromise the user's control over his or her own computer. An infected system can be manipulated into downloading and executing malicious files or may be used for other purposes, such as targeted Denial of Service attacks. Worm:Win32/Hamweq.A should be considered a major security threat and be removed using the usual methods for deleting malware.
The Start of the Worm:Win32/Hamweq.A Story
Worm:Win32/Hamweq.A first appeared around 2008, and began spreading itself through the use of removable devices. USB 'thumb drives' and other portable hard drive devices can be used to infect a computer with Worm:Win32/Hamweq.A, although it's been reported to limit attacks to weaknesses within the Windows operating system. It will copy itself as a hidden system file to prevent users from seeing it, and then attempt to crawl onto any new systems it encounters. The worm has been updated periodically for at least two years, which may make older software ineffective at detecting it. Worm:Win32/Hamweq.A's origin point is strongly suspected to be the Czech Republic.
What W32/AHKHeap-A Does to Your System
The Worm:Win32/Hamweq.A infection begins its work by infecting the Internet Explorer executable, and then creates registry entries and a fake Recycle Bin. It uses a desktop.ini file and other methods to trick Windows itself into thinking this Recycle Bin is legitimate. In reality, this fake Bin is just a cozy nest for the worm to hide within. Only one copy of Worm:Win32/Hamweq.A will run at a time, and it may even disable older copies of itself.
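A defender can check a drive's file listing for the fake Recycle Bin described above. The following is an added example, not code from the original page; the function name `assess`, the extension list and the sample paths are assumptions made for illustration, and the checks rely on the way Windows names Recycle Bin folders and the files it moves into them.

```python
import re
from pathlib import PureWindowsPath

# Recycle Bin roots Windows uses: RECYCLER (XP, NTFS), RECYCLED (FAT), $Recycle.Bin (Vista+).
BIN_ROOTS = {"recycler", "recycled", "$recycle.bin"}
# Per-user subfolders are named after the user's SID, e.g. S-1-5-21-...-1001.
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.IGNORECASE)
# Names Windows itself writes there: D<drive><n>.<ext> (XP), $R.../$I... (Vista+),
# plus the INFO2 index and desktop.ini.
SYSTEM_NAME_RE = re.compile(
    r"^(d[a-z]\d+(\..*)?|\$[ri][0-9a-z]+(\..*)?|info2|desktop\.ini)$", re.IGNORECASE)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".dll"}


def assess(path):
    """Return the reasons a file path looks like a fake Recycle Bin drop ([] if none)."""
    p = PureWindowsPath(path)
    lowered = [part.lower() for part in p.parts]
    root = next((i for i, part in enumerate(lowered) if part in BIN_ROOTS), None)
    if root is None or root == len(p.parts) - 1:
        return []  # not a file inside a Recycle Bin folder
    inside = p.parts[root + 1:]
    reasons = []
    # A subfolder that is not a well-formed SID was not created by Windows.
    if len(inside) > 1 and not SID_RE.match(inside[0]):
        reasons.append("subfolder is not a well-formed SID")
    # Windows renames a deleted program; one keeping its own name got there another way.
    if p.suffix.lower() in EXEC_EXT and not SYSTEM_NAME_RE.match(p.name):
        reasons.append("executable keeps a non-system file name")
    return reasons


# Constructed sample paths (not taken from a real system).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLES = [
    rf"E:\RECYCLER\{SID}\Dc4.exe",                    # program the user really deleted on XP
    rf"E:\RECYCLER\{SID}\updater.exe",                # executable in a valid-looking folder
    r"E:\RECYCLER\Q-1-5-21-1-2-3-1001\updater.exe",   # folder name only imitates a SID
    rf"C:\$Recycle.Bin\{SID}\$RA1B2C3.exe",           # Vista+ recycled file
    r"C:\Users\a\Documents\report.docx",              # outside any Recycle Bin
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess(sample) or "ok")
```

Feed it a recursive listing taken with hidden and system files shown, since the worm marks its copy with both attributes.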
Worm:Win32/Hamweq.A will also open up a backdoor security hole to connect to IRC. It may contact various servers, such as crank.dontexist.com, lebanonbt.info, or tassweq.com. Once connected, the computer may download and run malicious files or be remotely controlled in other ways.
What W32/AHKHeap-A Means for You
If you're noticing oddly open ports, your Recycle Bin behaving unusually, new files that don't belong on your system, or outbound traffic you didn't initiate, these may be signs of Worm:Win32/Hamweq.A's presence. Since allowing it to remain is essentially giving control of your computer to an anonymous criminal, deleting Worm:Win32/Hamweq.A should be high-priority.
To remove Worm:Win32/Hamweq.A for good, you should remove all registry entries and delete all files. This may be done manually or with the help of anti-malware software, but in either case the infection cleaning should be done in Safe Mode. This will help prevent Worm:Win32/Hamweq.A from running, and in turn ensure that the removal process goes smoothly.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system: