SpywareGuide powered by Actiance Security Labs
Search SpywareGuide Database & Site
Home Access the Guide
List of Products List of Companies List of Categories
Tools
X-RayPC
Terms and Definitions
 
Full Name:
ANICMOO.AV Websearch   Read More
Type: Worm
Also Known as: TROJ_ANICMOO.AV (Trend Micro) Troj/Animoo-H (Sophos)
SG Index: 10 [Explain]
Removal tools: List of products that detect/remove/protect against ANICMOO.AV:
  • IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
  • Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

    Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
    Comment: This worm is distributed through exploit .ani files that appear as JPEG's. This exploit affects fully patched Windows XP SP2 systems through IE 6 and IE 7.

    Vunerable systems include:
    Microsoft Windows 2000 Service Pack 4
    Microsoft Windows XP Service Pack 2
    Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    Microsoft Windows XP Professional x64 Edition
    Microsoft Windows Server 2003
    Microsoft Windows Server 2003 for Itanium-based Systems
    Microsoft Windows Server 2003 Service Pack 1
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    Microsoft Windows Server 2003 x64 Edition
    Microsoft Windows Vista

    The worm is also distributed across the network via mapped networked drives and shortcuts to a network location. It will infect all executable files with the worm. It also attempts to write to the Floppy drive of the infected PC, which causes seemingly random floppy drive activity often; if no floppy disk is inserted, the user might be presented with an error regarding a floppy disk, even if no floppy disk has recently been used. If successful, it will write a copy of the worm's main executable (tool.exe) and an autorun.inf file. If the floppy is inserted into a clean PC, it will infect it.

    Please refer to Microsoft Security Bulletin MS05-002 for information on the animated cursor vulnerability.

    A tell-tale sign that a PC is infected with this is an error message called "Windows - No Disk" that says, "Exception processing message c0000013 75b6bf9c 4 75b6bf9c 75b6bf9c."
       
    Properties:
  •  Allows remote connect
  •  Autostarts/Stays Resident
  •  Changes HOSTS file
  •  Connects to the internet
  •  Force, hidden or stealth install
  •  Installs Through Exploit
  •  No EULA present
  •  No standard Uninstaller
  •  Reveals internal network
  •  Stealth Tactics
  • Click here to leave feedback for this product

    Recent Modifications
    2023-3-28  Adult Networks/Services
    2023-3-7  New York Islanders Fans
    2017-2-10  Adult Hosts
    2016-3-30  CoolWebSearch
    2015-9-29  Malicious URLS
    2015-5-19  Dialers
    2015-1-5  Email Threats
    2013-7-20  Date Manager
    2013-4-10  BeeBus
    2012-12-18  JT.Moonwalk
     
    Company  | Site and Spyware FAQ
    © Copyright 2003-2023, Actiance, Inc. All rights reserved.   Privacy Policy