ANICMOO.AV

Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories

Search SpywareGuide Database & Site

Security Email Alerts & Updates

Full Name:	ANICMOO.AV Websearch Read More
Type:	Worm
Also Known as:	TROJ_ANICMOO.AV (Trend Micro) Troj/Animoo-H (Sophos)
SG Index:	10 [Explain]
Removal tools:	List of products that detect/remove/protect against ANICMOO.AV: Control IM and P2P use, block spyware and other malware: RTGuardian Endpoint Spyware Remediation: Greynet Enterprise Manager IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway

Category Description:	Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine. Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment:	This worm is distributed through exploit .ani files that appear as JPEG's. This exploit affects fully patched Windows XP SP2 systems through IE 6 and IE 7. Vunerable systems include: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Windows Vista The worm is also distributed across the network via mapped networked drives and shortcuts to a network location. It will infect all executable files with the worm. It also attempts to write to the Floppy drive of the infected PC, which causes seemingly random floppy drive activity often; if no floppy disk is inserted, the user might be presented with an error regarding a floppy disk, even if no floppy disk has recently been used. If successful, it will write a copy of the worm's main executable (tool.exe) and an autorun.inf file. If the floppy is inserted into a clean PC, it will infect it. Please refer to Microsoft Security Bulletin MS05-002 for information on the animated cursor vulnerability. A tell-tale sign that a PC is infected with this is an error message called "Windows - No Disk" that says, "Exception processing message c0000013 75b6bf9c 4 75b6bf9c 75b6bf9c."

Properties:	Allows remote connect Autostarts/Stays Resident Changes HOSTS file Connects to the internet Force, hidden or stealth install Installs Through Exploit No EULA present No standard Uninstaller Reveals internal network Stealth Tactics

Click here to leave feedback for this product

Help with the BUST!

Become A Spyspotter!
Bust the Bad Guys!

Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.

Recent Blog Posts
A Year In Security Youtube Comment Bot Spams In Waves VGA Awards Trailers Used As Bait For Spam Offers Fake Visa Electronic Report Serves Up Zbot Data Stealer Banned Console Owners Beat The System - With Stickers Spot The Hack The Futility Of EULAs Auto Whaler Spears Phishers Fake Porn Grabbers Snag Nothing But Malware Console DDoS Botnets - A Thriving Industry

Recent Modifications

2010-3-11	Email Threats
2010-3-9	WeBuying
2010-3-9	HappytoFind
2010-3-5	PaintBrush
2010-3-5	Downloader-Tadpu
2010-3-4	Unclassified Trojans
2010-3-2	ParisVoyeur
2010-3-2	CoolWebSearch
2010-2-23	Dialers
2010-2-19	NetPumper 1.2