Home / malware

PDF

Win32.Rezak.A@mm

First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Rezak.A@mm is also known as W32/Reeezak.A@mm.

Explanation :

It comes from e-mail in the following format:

Subject: Happy New Year
Body:
Hii
I can't describe my feelings
But all I can say is
Happy New Year :)
Bye

Attachment:Christmas.exe

When the user opens the attachment the Worm will display a window with the following picture:



After that the worm will send itself to all e-mail addresses it finds in Outlook address book and MSN Messanger address book in same format it arrives.

It will copies itself to Windows directory under the name Christmas.exe and it will add the following registry key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRunacker
with value %WINDIR%Christmas.exe

It will change the Microsoft Internet Explorer start page at an url that contains VBS.Zacker.C.
At this page there is a scripting variant of Win32.Zacker.A@mm and if a user opens that page it will be infected with that Zacker variant virus.

It also changes the computer name to ZaCker.
It will freeze the keyboard.
It will try to delete all the files from Windows directory

Last update 21 November 2011

 

TOP