W32/Frantes.A@mm

Threat risk

Threat risk low


Detection files published: 18 Jun 2002	Description created: 2002-06-12	Description updated: 2002-06-18

Malware type: Worm	Alias: W32/Tettona.A, W32.Higuy.A	Spreading mechanism Email

Payload:

Summary
Spreading description
Removal

Summary

This is an Italian email worm, compressed with the Petite compression program. File size is 34761.

Spreading description

Email characteristics:

Subject: Several possible
Body: Several possible

Attachment: TETTONA.EXE or EURO.EXE or TATTOO.EXE

This email worm uses its own SMTP engine to spread to other users in the Windows Address Book.

The subjects used in infected mails are:
"Incredibile.."
"Urgente! (vedi allegato)"
"Qualsiasi cosa fai,falla al meglio."
"Incredible.."

The body text in the mails will be:

"Hello,
see this interesting file.
Bye."

or

"Ciao,
okkio all' allegato ;-)
A presto..."

or

"Ciao,
devi assolutamente vedere il file che ti ho allegato.
A presto..."

or

"Ciao,
apri subito l' allegato,e' molto interessante.
A presto..."

It will also install itself in registry so that it is loaded from bootup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DLLManager = \dllmgr32.exe

Removal

General information about removal of malicious software

Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.

Användning	Titel	Kommentar
	Förhindra smitta genom fildelning i nätverk
	Sanering av back-up foldrar i Windows Me och XP

Skriv ut sidan