ANICMOO.AV

Notice: Undefined index: related in /data/www/spywareguide/product_show.php on line 49 ANICMOO.AV

SpywareGuide powered by Actiance Security Labs

Search SpywareGuide Database & Site

Home

Access the Guide

List of Products List of Companies List of Categories

Tools

X-RayPC

Terms and Definitions

Full Name:	ANICMOO.AV Websearch Read More
Type:	Worm
Also Known as:	TROJ_ANICMOO.AV (Trend Micro) Troj/Animoo-H (Sophos)
SG Index:	10 [Explain]
Removal tools:	List of products that detect/remove/protect against ANICMOO.AV: IM, P2P control, malware prevention and web filtering in single appliance: Unified Security Gateway
Notice: Undefined variable: incprefix in /data/www/spywareguide/product_show.php on line 241
Category Description:	Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine. Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment:	This worm is distributed through exploit .ani files that appear as JPEG's. This exploit affects fully patched Windows XP SP2 systems through IE 6 and IE 7. Vunerable systems include: Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium) Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 for Itanium-based Systems Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 with SP1 for Itanium-based Systems Microsoft Windows Server 2003 x64 Edition Microsoft Windows Vista The worm is also distributed across the network via mapped networked drives and shortcuts to a network location. It will infect all executable files with the worm. It also attempts to write to the Floppy drive of the infected PC, which causes seemingly random floppy drive activity often; if no floppy disk is inserted, the user might be presented with an error regarding a floppy disk, even if no floppy disk has recently been used. If successful, it will write a copy of the worm's main executable (tool.exe) and an autorun.inf file. If the floppy is inserted into a clean PC, it will infect it. Please refer to Microsoft Security Bulletin MS05-002 for information on the animated cursor vulnerability. A tell-tale sign that a PC is infected with this is an error message called "Windows - No Disk" that says, "Exception processing message c0000013 75b6bf9c 4 75b6bf9c 75b6bf9c."

Properties:	Allows remote connect Autostarts/Stays Resident Changes HOSTS file Connects to the internet Force, hidden or stealth install Installs Through Exploit No EULA present No standard Uninstaller Reveals internal network Stealth Tactics

Click here to leave feedback for this product

Recent Modifications

Notice: Undefined variable: incprefix in /data/www/spywareguide/product_show.php on line 376

2023-3-28	Adult Networks/Services
2023-3-7	New York Islanders Fans
2017-2-10	Adult Hosts
2016-3-30	CoolWebSearch
2015-9-29	Malicious URLS
2015-5-19	Dialers
2015-1-5	Email Threats
2013-7-20	Date Manager
2013-4-10	BeeBus
2012-12-18	JT.Moonwalk

Company | Site and Spyware FAQ