Computer threats

Email-Worm.Win32.Zhelatin.t (and variants)

This worm has several different variants currently popping up worldwide, but their names are all pretty similar (the last letter changing to either t, u, o, or a). The worm arrives via email and spreads by harvesting email addresses from infected computers. It duplicates itself and terminates processes whose names contain words like anti, virus, trojan, AVP, and task mgr (among others). Kaspersky Labs has a thorough list of email subject lines and attachments, and they recommend the following steps for removing the worm:

  • Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8, then choose Safe Mode from the Windows boot menu).
  • Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
  • Delete the following files:
      *System*\alsys.exe
      *System*\wincom32.ini
      *System*\wincom32.sys
  • Delete the following system registry entries:
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
      “Agent” = “*System*\alsys.exe”
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
      “Agent” = “*System*\alsys.exe”

Then make sure your malware definitions are up to date, and run a complete scan.
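Before or after the cleanup, the files and Run values listed above can be checked for without changing anything. The script below is an added example, not taken from Kaspersky's write-up. It assumes *System* means the Windows system directory, and it goes slightly beyond the list above by also looking in the SysWOW64 folder and the Wow6432Node Run key, where 64-bit Windows redirects 32-bit programs.

```powershell
# Read-only check for the Zhelatin.t artifacts listed in the removal steps.
# Assumption: "*System*" means the Windows system directory.
$dirs = @([Environment]::SystemDirectory)
# On 64-bit Windows, 32-bit programs are redirected to SysWOW64 (added check).
$wow = Join-Path $env:windir 'SysWOW64'
if (Test-Path -LiteralPath $wow) { $dirs += $wow }

$fileNames = 'alsys.exe', 'wincom32.ini', 'wincom32.sys'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    # 32-bit view of the HKLM Run key on 64-bit Windows (added check)
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()
foreach ($dir in $dirs) {
    foreach ($name in $fileNames) {
        # -Force so hidden or system attributes do not mask the file
        $item = Get-Item -LiteralPath (Join-Path $dir $name) -Force -ErrorAction SilentlyContinue
        if ($item) {
            $findings += [pscustomobject]@{
                Type = 'File'; Location = $item.FullName
                Detail = "modified $($item.LastWriteTime)"
            }
        }
    }
}
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    $agent = $props.PSObject.Properties['Agent']
    # Flag "Agent" only when its data points at alsys.exe; other software
    # may legitimately use the same value name.
    if ($agent -and "$($agent.Value)" -like '*alsys.exe*') {
        $findings += [pscustomobject]@{
            Type = 'RunValue'; Location = "$key\Agent"; Detail = $agent.Value
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "$($findings.Count) artifact(s) found; remove them from Safe Mode as described above."
} else {
    Write-Output 'None of the listed files or Run values were found.'
}
```

A clean result only means these specific names are absent; the original worm file can sit anywhere, so the full scan is still needed.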

Trojan.JS.WindowBomb.an (also b, c, d, and f)

The WindowBomb trojan (sometimes called JS/WindowBomb) crashes web browsers once it infects your computer. Once the trojan launches, it attempts to open browser windows infinitely in an effort to crash your system. Most AV/AS software should be able to catch WindowBomb, so make sure your updates are current.

W32.Annew.A

This recent worm disables system files and replicates itself in your system directory. Once installed, it shows the Windows error message:

Title: Application Error

Message: 0xFFFFFFFF

According to Symantec, it then changes the title of all open windows to [^_^Anti Antivirus^_^] and stops any process containing the strings cmd, config, task, Proc, Hex, or spy. You can delete instances of this worm from your system, but you should also be sure to delete its values from your registry. Updated AV/AS patches will help catch it.

To read more about some of the latest threats, you might check out Anti-Virus Rants, MalWare Help.org, or the US-CERT website. They usually have good information and links for helping secure your computers.
