Proactive IT Security
W32/Vote.A@mm
Threat risk
Threat risk low
|
Detection files published:
25 Sep 2001 |
Description created:
2001-09-26 |
Description updated:
2001-09-26 |
|
Alias:
|
Spreading mechanism
| |
|
Payload:
| ||
Spreading description
Email characteristics:
Subject: Fwd:Peace BeTweeN AmeriCa And IsLaM !
Body: Hi
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment: wtc.exe
Threat description
MixDaLaL.vbs searches through all local drives and network drives for *.HTM and *.HTML files and will overwrite all these files with the text:"AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn >>> ZaCkEr is So Sorry For You."
Wtc.exe will create a registry key to load ZaCker.vbs at the next Windows Startup. ZaCker.vbs will delete the folder c:\windows then display a message box with the text:
"I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker !!!"
When this is done it will try to add a format C: command to autoexec.bat.
Wtc.exe will also try to disable several anti-virus programs by deleting some specific folders that are typically used by some anti-virus programs.
Removal
If you are infected with this worm it is important that you do NOT restart the computer before you have deleted all infected files and removed the format c: command from the autoexec.bat file.
General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.
| Usage | Title | Comment |
|---|---|---|
| Stopping network share infectors | ||
| Cleaning of back-up folders on Windows Me and XP |
