W32.Ackantta.H@mm

W32.Ackantta.H@mm is a computer worm that propagates by using the infected computer to mass-mail itself. It gathers contact details, including email addresses, from the compromised computer and sends copies of itself to those contacts without the user's knowledge. Another payload of this virus is ending and deleting services related to security and antivirus applications.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of W32.Ackantta.H@mm:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit the registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Malicious Files Added by W32.Ackantta.H@mm:
HPWuSchdj.exe
Dm28sf0V@XK$NX8hOu

Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\HP35
HKEY_LOCAL_MACHINE\Software\HP35
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"hke8" = "[STRING]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"hke9" = "[STRING]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"HP Software Updater v1.4" = "[PATH TO EXECUTABLE]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"[PATH TO EXECUTABLE]" = "[PATH TO EXECUTABLE]:*:Enabled:Explorer"
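
A read-only PowerShell check for the registry entries listed above, useful before and after step 5 to confirm what is present. This is an added example, not part of the original write-up; it assumes it is run in the affected user's session (HKEY_CURRENT_USER covers only that user), and the variable names are illustrative.

```powershell
# Read-only audit of the registry entries listed on this page. Nothing is modified.
$findings = New-Object System.Collections.Generic.List[string]

# Keys the page lists as added by the worm.
foreach ($key in 'HKCU:\Software\HP35', 'HKLM:\Software\HP35') {
    if (Test-Path -LiteralPath $key) { $findings.Add("Key present: $key") }
}

# Named values the page lists under existing Windows keys.
$valueChecks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'; Name = 'hke8' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'; Name = 'hke9' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';      Name = 'HP Software Updater v1.4' }
)
foreach ($check in $valueChecks) {
    $regKey = Get-Item -LiteralPath $check.Path -ErrorAction SilentlyContinue
    if ($regKey -and ($regKey.GetValueNames() -contains $check.Name)) {
        $data = $regKey.GetValue($check.Name)
        $findings.Add("Value present: $($check.Path)\$($check.Name) = $data")
    }
}

# Firewall exception: the value name is the executable path, which is not known
# in advance, so match on the data suffix and the file name given on the page.
$fwPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\' +
          'FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$suffix = ':*:Enabled:Explorer'
$fwKey  = Get-Item -LiteralPath $fwPath -ErrorAction SilentlyContinue
if ($fwKey) {
    foreach ($name in $fwKey.GetValueNames()) {
        $data = [string]$fwKey.GetValue($name)
        $suffixHit = $data.EndsWith($suffix, [System.StringComparison]::OrdinalIgnoreCase)
        if ($suffixHit -or $name -like '*HPWuSchdj.exe') {
            # A match is a lead to review, not proof: confirm the path it points to.
            $findings.Add("Firewall exception to review: $name = $data")
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed registry entries were found for this user.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

The executable path reported for the Run value and the firewall exception is the file to check in the full system scan from step 4.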
