Spyware: Clear the Talking Email Amus Worm. (How are you. I am back.)
You clicked on an email and now your computer is talking to you. You have the amus worm. Here's how you clear it.
You clicked on an email, and your computer says:
Quote:
"How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule."
Sound file:
http://www.f-secure.com/weblog/archives/amus.wav
Here is the evil it can do:
- On the 1, 6, 20 and 25 of each month, it will replace the home page URL in Internet Explorer with the following text:
  Konneting du pepil and dizkoneting you. Anlami: Baglansan ne olacak, baglanmasan ne olacak. Zaten hatlar burada rezalet.
- On the 2, 15 and 17 of each month it will try to delete all .ini files in the Windows folder.
- On the 10 and 23 of each month, it will try to delete all .dll files in the Windows folder.
The email address of the infected person who sent it to you is not forged.
The attachment name is Masum.exe.
The subject of the email is "Listen and Smile".
It uses Microsoft Outlook to send itself to all your contacts.
The body of the email will read:
Hey. I beg your pardon. You must listen.
You can confirm that you have this malware by looking in the root directory of your C: drive. It should contain a file named masum.exe.
It frequently also copies itself as the following files in your Windows folder:
- Adapazari.exe
- Ankara.exe
- Anti_Virus.exe
- Cekirge.exe
- KdzEregli.exe
- Messenger.exe
- Meydanbasi.exe
- My_Pictures.exe
- Pide.exe
- Pire.exe
It creates the following two registry keys:
[HKCU\SOFTWARE\Microsoft\Masum\Who]
"Who"="OnEmLi_DeGiL"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Microzoft_Ofiz"="%WINDIR%\KdzEregli.exe"
To correct this infection, use CTRL-ALT-DEL (Task Manager) and end any of the processes listed above that are actively running. Then delete all the files involved and remove the registry keys as well.
Most antivirus programs are now finding this creature. Update your antivirus and let it clear your system. You'll probably need to manually remove the leftovers from the registry.
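A read-only check for the files, registry values and processes listed above, as an added example that is not part of the original article. The function name Find-AmusIndicator and its parameters are hypothetical; it only reports matches and deletes nothing, and a matching file name on its own is not proof of infection.

```powershell
# Added example: read-only check for the Amus indicators listed in this article.
# Find-AmusIndicator and its parameters are hypothetical names; nothing is deleted.
function Find-AmusIndicator {
    param(
        [string]$SystemDrive = $env:SystemDrive,  # drive root, e.g. C:
        [string]$WindowsDir  = $env:WINDIR        # Windows folder
    )

    # File names of the copies the article lists for the Windows folder.
    $copyNames = 'Adapazari.exe', 'Ankara.exe', 'Anti_Virus.exe', 'Cekirge.exe',
                 'KdzEregli.exe', 'Messenger.exe', 'Meydanbasi.exe',
                 'My_Pictures.exe', 'Pide.exe', 'Pire.exe'

    # 1. Files: masum.exe in the drive root, then each copy in the Windows folder.
    $paths = @(Join-Path $SystemDrive 'masum.exe')
    $paths += $copyNames | ForEach-Object { Join-Path $WindowsDir $_ }
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            $f = Get-Item -LiteralPath $p -Force   # -Force also returns hidden files
            [pscustomobject]@{ Type = 'File'; Location = $p; Detail = "modified $($f.LastWriteTime)" }
        }
    }

    # 2. Registry: the two values from the article (HKCU covers the current user only).
    $regChecks = @(
        @{ Key = 'HKCU:\SOFTWARE\Microsoft\Masum\Who'; Name = 'Who' },
        @{ Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'Microzoft_Ofiz' }
    )
    foreach ($r in $regChecks) {
        $v = Get-ItemProperty -LiteralPath $r.Key -Name $r.Name -ErrorAction SilentlyContinue
        if ($null -ne $v) {
            [pscustomobject]@{ Type = 'Registry'; Location = "$($r.Key) [$($r.Name)]"; Detail = $v.($r.Name) }
        }
    }

    # 3. Processes: anything running under one of the listed names.
    $procNames = @('masum') + ($copyNames | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) })
    Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Type = 'Process'; Location = $_.Path; Detail = "PID $($_.Id)" }
    }
}

# Report what was found; no output means none of the listed indicators exist.
Find-AmusIndicator | Format-Table -AutoSize
```

Run it again after cleanup to confirm that no file, registry value or process from the list remains.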
