Home Malware Programs Worms Email-Worm.Evaman.a

Email-Worm.Evaman.a

Posted: February 20, 2007

Threat Metric

Threat Level: 9/10
Infected PCs: 84
First Seen: July 24, 2009
OS(es) Affected: Windows

Evaman.a is a mass mailing worm that propagates through email. Once installed and executed, Evaman will embed itself into your Windows registry so that it can automatically start when Windows starts. Then Evaman.a will try to connect to a list of SMTP servers (or your PCs default SMTP server). Evaman.a will build up a list of email addresses to target by using the email address search feature of Yahoo mail. This involves making HTTP requests to: email.people.yahoo.com and will gather email addresses from the results. It will then send its copies to any emails that it is able to collect, as either an exe file or an scr file. Emails sent out by W32/Evaman-A pretend to be automatic responses from a mail server, and may have one of the following subject lines: "returned mail", "failure delivery "," mail failure "," failed transaction,"etc.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



malware.exe, syshosts.exe File name: malware.exe, syshosts.exe
Size: 23.04 KB (23040 bytes)
MD5: ff4042799e47d5c3f743031fcd3b1f9a
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
malware.exe, wintasks.exe File name: malware.exe, wintasks.exe
Size: 14.84 KB (14848 bytes)
MD5: d9ad184750f6428866af77ad0650dbff
Detection count: 24
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009
Loading...