Worm:Win32/Hamweq.A
Worm:Win32/Hamweq.A Description
Worm:Win32/Hamweq.A is a worm infection with unusual properties, such as creating a fake Recycle Bin, that make it readily detectable even for novices. The primary threat posed by this worm is its ability to compromise the user's control over his or her own computer. An infected system can be manipulated into downloading and executing malicious files or may be used for other purposes, such as targeted Denial of Service attacks. Worm:Win32/Hamweq.A should be considered a major security threat and be removed using the usual methods for deleting malware.
The Start of the Worm:Win32/Hamweq.A Story
Worm:Win32/Hamweq.A first appeared around 2008, and began spreading itself through the use of removable devices. USB 'thumb drives' and other portable hard drive devices can be used to infect a computer with Worm:Win32/Hamweq.A, although it's been reported to limit attacks to weaknesses within the Windows operating system. It will copy itself as a hidden system file to prevent users from seeing it, and then attempt to crawl onto any new systems it encounters. The worm has been updated periodically for at least two years, which may make older software ineffective at detecting it. Worm:Win32/Hamweq.A's origin point is strongly suspected to be the Czech Republic.
What W32/AHKHeap-A Does to Your System
The Worm:Win32/Hamweq.A infection begins its work by infecting the Internet Explorer executable, and then creates registry entries and a fake Recycle Bin. It uses a desktop.ini file and other methods to trick Windows itself into thinking this Recycle Bin is legitimate. In reality, this fake Bin is just a cozy nest for the worm to hide within. Only one copy of Worm:Win32/Hamweq.A will run at a time, and it may even disable older copies of itself.
Worm:Win32/Hamweq.A will also open up a backdoor security hole to connect to IRC. It may contact various servers, such as crank.dontexist.com, lebanonbt.info, or tassweq.com. Once connected, the computer may download and run malicious files or be remotely controlled in other ways.
What W32/AHKHeap-A Means for You
If you're noticing oddly open ports, your Recycle Bin behaving unusually, new files that don't belong on your system, or outbound traffic you didn't initiate, these may be signs of Worm:Win32/Hamweq.A's presence. Since allowing it to remain is essentially giving control of your computer to an anonymous criminal, deleting Worm:Win32/Hamweq.A should be high-priority.
To remove Worm:Win32/Hamweq.A for good, you should remove all registry entries and delete all files. This may be done manually or with the help of anti-malware software, but in either case the infection cleaning should be done in Safe Mode. This will help prevent Worm:Win32/Hamweq.A from running, and in turn ensure that the removal process goes smoothly.
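Before a manual cleanup, a file listing from the suspect drive can be triaged for the fake Recycle Bin pattern described above. The following is an added example, not code from this page or from SpyHunter: it flags executables in Recycle-Bin-style folders whose SID folder is malformed or whose name is not the `D<drive><index>.<ext>` form Windows XP gives to genuinely deleted items, plus decoy double extensions. The function names, reason labels and decoy-extension list are assumptions.

```python
import re
from pathlib import PureWindowsPath

EXEC_EXT = {".exe", ".com", ".scr", ".pif"}
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".pdf", ".txt"}  # assumed list
BIN_ROOTS = {"recycler", "recycle", "restore", "system"}  # roots in the page's file list
SID_LIKE = re.compile(r"^[A-Za-z]+(-\d+){3,}$")          # anything imitating a SID
SID_SHAPE = re.compile(r"^S-1-5-21(-\d+){4}$", re.I)     # a real user SID folder
XP_DELETED = re.compile(r"^D[a-z]\d+\.\w+$", re.I)       # genuine bin entry, e.g. Dc7.exe

def valid_sid(folder):
    """True for S-1-5-21-a-b-c-rid where every number fits in 32 bits."""
    return bool(SID_SHAPE.match(folder)) and all(
        int(n) < 2**32 for n in folder.split("-")[4:])

def findings(path):
    """Reasons an absolute or %VAR%-prefixed path fits the pattern ([] if none)."""
    p = PureWindowsPath(path)
    rest = p.parts[1:]                       # drop the drive or %VAR% prefix
    ext = [s.lower() for s in p.suffixes]
    if not ext or ext[-1] not in EXEC_EXT:
        return []                            # only executables are of interest
    reasons = ["double-extension"] if DECOY_EXT & set(ext[:-1]) else []
    if len(rest) == 3 and rest[0].lower() in BIN_ROOTS and SID_LIKE.match(rest[1]):
        if rest[0].lower() != "recycler":
            reasons.append("lookalike-bin-root")
        if not valid_sid(rest[1]):
            reasons.append("malformed-sid-folder")
        if not XP_DELETED.match(rest[2]):
            reasons.append("named-executable-in-bin")
    return reasons

# The first five paths come from this page's file list; the last two are constructed.
SAMPLE = [
    r"%SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe",
    r"c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\hostsv.exe",
    r"c:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe",
    r"%SystemDrive%\RESTORE\k-1-3542-4232123213-7676767-8888886\X0R.exe",
    r"%USERPROFILE%\Eigene Dateien\MyPicture.jpg.com.exe",
    r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1004\Dc7.exe",
    r"C:\Program Files\Example\tool.exe",
]

def scan(listing):
    return {p: r for p in listing if (r := findings(p))}

if __name__ == "__main__":
    for path, why in scan(SAMPLE).items():
        print(", ".join(why), "<-", path)
```

A hit is a lead for review rather than proof of infection, and a clean result does not rule the worm out, since it has used other file names and folders over time.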
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Worm:Win32/Hamweq.A may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
Technical Details
File System Modifications
The following files were created in the system:
%SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
File name: ise32.exe
Size: 41.98 KB (41984 bytes)
MD5: 315826ee2035af276708d585f22b4728
Detection count: 93
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: March 24, 2011
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
File name: wab32.exe
Size: 118.78 KB (118784 bytes)
MD5: 81810ce634f23130c33fe0f99c8ae3e2
Detection count: 82
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: February 22, 2012
%SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winupd32.exe
File name: winupd32.exe
Size: 29.36 KB (29361 bytes)
MD5: 5ea09c9fd9c9f8279aa555955a6fc721
Detection count: 74
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: January 30, 2012
%USERPROFILE%\Eigene Dateien\MyPicture.jpg.com.exe
File name: MyPicture.jpg.com.exe
Size: 9.21 KB (9216 bytes)
MD5: 6f337e58f145d472a28803b53b3041f1
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Eigene Dateien\
Group: Malware file
Last Updated: December 1, 2010
c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\hostsv.exe
File name: hostsv.exe
Size: 85.5 KB (85504 bytes)
MD5: 9a1cd8224b71dae733a2a95fa24d88d8
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: November 22, 2012
%SystemDrive%\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
File name: system32.exe
Size: 118.78 KB (118784 bytes)
MD5: 1d5fad8636788d69e03324493fc1d985
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: December 17, 2012
%SystemDrive%\RESTORE\k-1-3542-4232123213-7676767-8888886\X0R.exe
File name: X0R.exe
Size: 18.94 KB (18944 bytes)
MD5: 9b24d0ca877f584eb9115e15fb3d8adc
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RESTORE\k-1-3542-4232123213-7676767-8888886\
Group: Malware file
Last Updated: March 17, 2011
%SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe
File name: keygen.exe
Size: 12.28 KB (12288 bytes)
MD5: 885977b6b62db01f66a44380c69cae20
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: December 24, 2012
c:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe
File name: svchost.exe
Size: 45.56 KB (45568 bytes)
MD5: 7c7bb6616792f23b946c1834ccb4898d
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: c:\ReCycLEr\S-1-5-21-1482276501-1663491937-6831267430-1013\
Group: Malware file
Last Updated: November 11, 2019
c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe
File name: acleaner.exe
Size: 62.97 KB (62976 bytes)
MD5: 7abe8e15a0a49f478f1cb2461c274bdd
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: February 22, 2011
c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\wincache.exe
File name: wincache.exe
Size: 53.24 KB (53248 bytes)
MD5: 99b2de77e2621646da883f2687402b66
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\kos-2-3-41-0000010000-0000010000-0000010000-0100\
Group: Malware file
Last Updated: August 1, 2011
%SystemDrive%\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\hostsn.exe
File name: hostsn.exe
Size: 58.88 KB (58880 bytes)
MD5: 00632e0224390d5ebdfa50efc51ed8d3
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: April 29, 2013
c:\RECYCLER\S-1-5-21-1482976101-1677491937-661001330-9999\system.exe
File name: system.exe
Size: 17.92 KB (17920 bytes)
MD5: 0c2b83979c2ef4f8e30a1e1e2924dbd0
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\S-1-5-21-1482976101-1677491937-661001330-9999\
Group: Malware file
Last Updated: January 9, 2011
c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\csrxx.exe
File name: csrxx.exe
Size: 107 KB (107008 bytes)
MD5: 95e6b03796b1a40d445d18b89534ce87
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\
Group: Malware file
Last Updated: December 6, 2010
c:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\Bcuzz.exe
File name: Bcuzz.exe
Size: 12.8 KB (12800 bytes)
MD5: c79ff887b1fc391744e8d55a56aab211
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: c:\Recycle\X-5-4-27-2345678318-4567890223-4234567884-2341\
Group: Malware file
Last Updated: December 16, 2010