Win32.Enemany.A.intended/B/C/D@mm
MEDIUM
LOW
9-10 Kbytes
(W32.Enemany.A.int)
Symptoms
For variants A and B:
C:\WINDOWS\SYSTEM\Ati.scr
C:\WINDOWS\Xerox-Update.Exe
C:\WINDOWS\Start Menu\Programs\StartUp\WinUpdate.exe
For variant C
C:\WINDOWS\SYSTEM\Edonkey.scr
C:\WINDOWS\Esel_Update.Exe
For variant D
C:\WINDOWS\SYSTEM\Aspi32.scr
C:\WINDOWS\teuro.Exe
The following message when is executed (for variants A and B):
For variant C
For variant D
The following message when is executed (for variants A and B):
Removal instructions:
- If you don't have BitDefender installed click here to download an evaluation version;
- Make sure that you have the latest updates using BitDefender Live!;
- Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Enemany.
Analyzed By
Costin Ionescu BitDefender Virus Researcher
Technical Description:
This is a virus which works under Windows, and is using Microsoft Outlook to propagate. The worm is written in Visual Basic 6 and is packed with UPX. Its size is about 9-10 Kbytes (packed) and unpacked is about 20 Kbytes.The virus spreads by sending itself as an attached file in an email to every person in the Microsoft Outlook Address Book. However, the first variant does not work properly so the virus fails to attach to infected e-mails (that is why it is called Intended). This error is corrected in variant B.
The format of the infected emails is the same for each version:
Attachement: has no attached file.
Attachment: Xerox-Update.Exe
Attachment: Esel_Update.Exe
Attachment: teuro.Exe
The first two variants drops the file WinUpdate.Exe in the StartUp directory so they will be executed at every Windows session. The virus will copy itself in the victim's computer only if the Windows is installed in directory C:\Windows (default for 95/98/Me/XP).
SHARE
THIS ON