Win32.Rezak.A@mm

LOW
MEDIUM
~37376 bytes
(W32/Reeezak.A@mm)

Symptoms

- File Christmas.exe in Windows directory
- Internet Explorer start page at: http://geocities.com/jobreee/ZaCker.htm
- Frozen keyboard

Removal instructions:

  1. If you don't have BitDefender installed click here to download an evaluation version;

  2. Make sure that you have the latest updates using BitDefender Live!;

  3. Make the following changes in the Windows registry:

    Note: Please make sure to modify only the values that are specified. It is also recommended to back up the Windows registry before proceeding with these changes. For more information on backing up the registry, please read the FAQ.

    1. Select Run... from Start, then type regedit and press Enter;

    2. Delete the following key:
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Zacker

  4. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Win32.Rezak.A@mm.

Analyzed By

Sorin Victor Dudea, BitDefender Virus Researcher

Technical Description:

It arrives by e-mail in the following format:

Subject: Happy New Year
Body:
Hii
I can't describe my feelings
But all I can say is
Happy New Year :)
Bye


Attachment: Christmas.exe

When the user opens the attachment, the worm displays a window with a picture (not preserved here).

After that, the worm sends itself to all e-mail addresses it finds in the Outlook address book and the MSN Messenger address book, in the same format in which it arrived.

It copies itself to the Windows directory under the name Christmas.exe and adds the following registry key, so that the copy runs each time Windows starts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Zacker
with value %WINDIR%\Christmas.exe

It changes the Microsoft Internet Explorer start page to a URL that contains VBS.Zacker.C.
That page hosts a script variant of Win32.Zacker.A@mm; a user who opens the page will be infected with that Zacker variant.

It also changes the computer name to ZaCker.
It freezes the keyboard.
It tries to delete all the files from the Windows directory.
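
A triage check for the registry traces described above, as an added example that is not BitDefender's code: it parses the text of a regedit export and reports the Run\Zacker value, the hijacked start page and the changed computer name. The Internet Explorer "Start Page" and ComputerName key locations are assumptions (the page does not name them), and both sample exports are constructed.

```python
import re

# Indicators from the description above. The "Start Page" and ComputerName
# registry locations are assumptions; the page does not say where they live.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IE_MAIN_SUFFIX = r"\software\microsoft\internet explorer\main"
NAME_KEY_SUFFIX = r"\control\computername\computername"
START_PAGE_IOC = "geocities.com/jobreee/zacker.htm"
PAIR = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: string_data}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := PAIR.match(line)):
            # .reg files escape backslashes and quotes with a leading backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def find_indicators(reg_text):
    """Return (indicator, data) pairs for Win32.Rezak.A@mm traces found in an export."""
    hits = []
    for key, values in parse_reg(reg_text).items():
        if key == RUN_KEY and "zacker" in values:
            hits.append(("run_value", values["zacker"]))
        if key.endswith(IE_MAIN_SUFFIX) and START_PAGE_IOC in values.get("start page", "").lower():
            hits.append(("start_page", values["start page"]))
        if key.endswith(NAME_KEY_SUFFIX) and values.get("computername", "").lower() == "zacker":
            hits.append(("computer_name", values["computername"]))
    return hits

# Constructed sample exports (not captured from a real machine).
INFECTED = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Zacker"="C:\\WINDOWS\\Christmas.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://geocities.com/jobreee/ZaCker.htm"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName]
"ComputerName"="ZaCker"
"""
CLEAN = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="C:\\Program Files\\Example\\app.exe"
"""
if __name__ == "__main__":
    print("infected:", find_indicators(INFECTED), "clean:", find_indicators(CLEAN))
```

Only string values are parsed; a hit on any of the three indicators is a reason to run the full scan from the removal instructions.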