Resolve for W32/Avril

A tool that removes W32/Avril

Resolve for W32/Avril Ranking & Summary

  • License: Freeware
  • Publisher Name: Sophos Plc
  • Operating Systems: Windows All
  • File Size: 78 KB


Resolve for W32/Avril Description

Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

W32/Avril-A is an internet worm that copies itself into the Windows system folder using a random name and sets the following registry entry to run itself automatically when Windows starts up:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avril Lavigne - Muse = randomname.exe

The following registry entries are also created:

  • HKLM\Software\OvG\Avril Lavigne = Done
  • HKLM\Software\OvG\Avril Lavigne\PSW-Trojan = 1

W32/Avril-A drops itself into the KaZaA folder with one of the filenames shown below and creates the file avril-ii.inf. The worm terminates anti-virus products and drops several copies of itself onto the hard disk with random names.

On the 7th, 11th and 24th of any month, W32/Avril-A will open up Microsoft Internet Explorer to www.avril-lavigne.com, display coloured ellipses in the middle of the screen and display "AVRIL_LAVIGNE_LET_GO - MY_MUSE:) 2002 (c) Otto von Gutenberg" in the top left corner of the screen. The worm can send cached passwords to a Russian email address.

W32/Avril-A spreads by sending itself to email addresses gathered from DBX, MBX, WAB, HTML, EML, HTM, TBB, SHTML, NCH and IDX files, stored in listrecp.dll. The emails will have the following characteristics:

Subject line - randomly selected from one of the following 10:

  • Fw: Avril Lavigne - the best
  • Fw: Prohibited customers...
  • Fwd: Re: Admission procedure
  • Fwd: Re: Reply on account for Incorrect MIME-header
  • Re: According to Daos Summit
  • Re: ACTR/ACCELS Transcriptions
  • Re: Brigade Ocho Free membership
  • Re: Reply on account for IFRAME-Security breach
  • Re: Reply on account for IIS-Security
  • Re: The real estate plunger

Message body - chosen from 3 alternatives:

  • "Avril fans subscription FanList admits you to take in Avril Lavigne 2003 Billboard awards ceremony Vote for I'm with you! Admission form attached below"
  • "Restricted area response team (RART) Attachment you sent to is intended to overwrite start address at 0000:HH4F To prevent from the further buffer overflow attacks apply the MSO-patch"
  • "Microsoft has identified a security vulnerability in Microsoft