Resolve for W32/Anig

A tool that removes W32/Anig

Resolve for W32/Anig Ranking & Summary


  • License: Freeware
  • Publisher Name: Sophos Plc
  • Operating Systems: Windows All
  • File Size: 75 KB


Resolve for W32/Anig Description

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

W32/Anig-A is a worm that can spread by copying itself over network shares. W32/Anig-A can also be used to steal passwords.

W32/Anig-A copies itself to System32 using its original filename and creates the following registry entry in order to run on system restart:

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-A attempts to spread by copying itself to the share ADMIN$ on remote machines.

W32/Anig-A may drop a DLL file with keylogging functionality called GinaDLL.DLL and open port 5190 in order to receive remote commands.

W32/Anig-A registers itself as a service called Distributed File Controller by creating the following registry entries:

  HKLM\System\CurrentControlSet\Services\dfcsvc
    DependOnGroup = ""
    DependOnService = RpcSS
    DisplayName = Distributed File Controller
    Error Control = 0x0
    ImagePath = /dfcsvc
    ObjectName = LocalSystem
    Start = 0x2
    Type = 0x110

W32/Anig-A may also create the following registry entries:

  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    GinaDll = ntgina.dll
    Ram32Data
    Ram32ID
    Ram32Group

W32/Anig-C is a worm that can spread by copying itself over network shares. W32/Anig-C can also be used to steal passwords.

W32/Anig-C copies itself to System32 using its original filename and creates the following registry entry in order to run on system restart:

  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-C attempts to spread by copying itself to the share ADMIN$ on remote computers.

W32/Anig-C may drop a DLL file with keylogging functionality called GinaDLL.DLL and open port 5190 in order to receive remote commands.

On NT-based versions of Windows, W32/Anig-C registers itself as a service with the display name Distributed File Controller. The new service has a startup type of automatic, so it is started automatically each time a new Windows session is started. New registry entries are created beneath the following registry entry:

  HKLM\System\CurrentControlSet\Services\dfcsvc

W32/Anig-C may also create the following registry entry:

  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    GinaDll = ntgina.dll

W32/Anig can be removed from Windows computers automatically with the following Resolve tools:

Windows disinfector

ANIGGUI is a disinfector for standalone Windows computers. To use it, do the following:

  · Open the ANIGGUI.com file from your desktop after downloading it.
  · Click the Start Scan button.
  · Wait for the process to complete.

Command line disinfector

ANIGSFX.EXE is a self-extracting archive containing ANIGCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
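The registry changes listed above can be checked offline against a registry export. This is an added example, not part of the Resolve tools or Sophos code: the function names are hypothetical, the input is assumed to be the text of a `reg export` file, and Osa32 is assumed to be a value under the Run key.

```python
import re

# Registry indicators from the W32/Anig-A / W32/Anig-C description (lowercased).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
SERVICE_KEY = r"hkey_local_machine\system\currentcontrolset\services\dfcsvc"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
WINLOGON_EXTRA = {"ram32data", "ram32id", "ram32group"}

def parse_reg_export(text):
    """Parse .reg export text into {key path: {value name: raw data}}, lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_anig_indicators(text):
    """Return the list of Anig registry indicators present in the export."""
    keys, hits = parse_reg_export(text), []
    if "osa32" in keys.get(RUN_KEY, {}):  # assumption: Osa32 is a value under Run
        hits.append("Run value Osa32")
    if SERVICE_KEY in keys:
        hits.append("Service key dfcsvc")
    winlogon = keys.get(WINLOGON_KEY, {})
    if winlogon.get("ginadll", "").strip('"').lower() == "ntgina.dll":
        hits.append("Winlogon GinaDll = ntgina.dll")
    hits += ["Winlogon value " + n for n in sorted(WINLOGON_EXTRA.intersection(winlogon))]
    return hits

# Constructed sample exports (not captured from a real host).
SAMPLE_INFECTED = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Osa32"="C:\\WINDOWS\\System32\\placeholder.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dfcsvc]
"DisplayName"="Distributed File Controller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDll"="ntgina.dll"
"Ram32ID"="constructed"
'''
SAMPLE_CLEAN = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="placeholder"
'''
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `find_anig_indicators`.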
