
W32.Picrate.A@mm

Risk Level 2: Low

Discovered: April 14, 2005
Updated: February 13, 2007 12:37:03 PM
Also Known As: Win32.Mugly.J [Computer Associ, Email-Worm.Win32.Wurmark.i [Ka, W32/Mugly.k@MM [McAfee], W32/Wurmark-I [Sophos]
Type: Worm
Systems Affected: Windows


W32.Picrate.A@mm is a worm that sends copies of itself to instant messenger contacts and drops a copy of a W32.Spybot.Worm variant.




This threat leaves behind files with names designed to prevent the user from running essential system tools. To find and remove these files, follow the directions below. Type the full file name, including the extension, when searching for these files: for example, 'regedit.com', not just 'regedit'. You may want to set Windows to show file extensions before searching.

Note: This step is optional. It is not necessary to delete these files to remove the threat from your system.

To enable Windows to display file extensions:

    1. Open My Computer.
    2. Click on the Tools menu, and drag down to Folder Options.
    3. Click the View tab.
    4. In the 'Advanced Settings' box, uncheck the box next to 'Hide extensions for known file types'.
    5. Click OK.


To find and delete files:
Follow the instructions for your operating system:
  • Windows 95/98/Me/NT/2000
    1. Click Start, point to Find or Search, and then click Files or Folders.
    2. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
    3. In the "Named" or "Search for..." box, type, or copy and paste, the file names ping.com, netstat.com, regedit.com, tasklist.com, taskkill.com, tracert.com, cmd.com, and ansmtp.dll.
    4. Click Find Now or Search Now.
    5. Before deleting the files, verify that the filename and extension match those noted in this document.
    6. Delete the displayed files.
  • Windows XP
    1. Click Start > Search.
    2. Click All files and folders.
    3. In the "All or part of the file name" box, type, or copy and paste, the file names ping.com, netstat.com, regedit.com, tasklist.com, taskkill.com, tracert.com, cmd.com, and ansmtp.dll.
    4. Verify that "Look in" is set to "Local Hard Drives" or to (C:).
    5. Click More advanced options.
    6. Check Search system folders.
    7. Check Search subfolders.
    8. Click Search.
    9. Before deleting the files, verify that the filename and extension match those noted in this document.
    10. Delete the displayed files.
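
The same search can be scripted. The Python sketch below is an added example, not part of the original writeup: it walks a drive and reports files whose full name, extension included, matches the list above, leaving verification and deletion to the user. It assumes a Python interpreter is available on the machine; the names `find_listed_files` and `demo` and the sample directory tree are constructed for illustration.

```python
import os
import sys
import tempfile

# File names listed in the removal steps above. Compared in lower case,
# because Windows file names are not case-sensitive.
LISTED_NAMES = frozenset({
    "ping.com", "netstat.com", "regedit.com", "tasklist.com",
    "taskkill.com", "tracert.com", "cmd.com", "ansmtp.dll",
})


def find_listed_files(root):
    """Return (hits, skipped): sorted paths under root whose complete file
    name matches a listed name, and directories that could not be read."""
    hits, skipped = [], []

    def note_error(err):
        skipped.append(err.filename)

    for folder, _subdirs, files in os.walk(root, onerror=note_error):
        for name in files:
            # Full-name comparison: "regedit.exe" and "ping.com.bak" do not match.
            if name.lower() in LISTED_NAMES:
                hits.append(os.path.join(folder, name))
    return sorted(hits), skipped


def demo():
    """Scan a constructed directory tree (sample data, not a real system)."""
    with tempfile.TemporaryDirectory() as root:
        sysdir = os.path.join(root, "WINDOWS", "system32")
        os.makedirs(sysdir)
        for name in ("regedit.exe", "REGEDIT.COM", "ping.com", "ping.com.bak", "notes.txt"):
            open(os.path.join(sysdir, name), "w").close()
        hits, skipped = find_listed_files(root)
        return [os.path.basename(p) for p in hits], skipped


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    found, unreadable = find_listed_files(root)
    for path in found:
        print("verify, then delete:", path)
    for path in unreadable:
        print("could not read:", path)
```

The script only reports; as in the manual steps, confirm that each reported name and extension match the list before deleting anything.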


Antivirus Protection Dates

  • Initial Rapid Release version April 15, 2005
  • Latest Rapid Release version April 15, 2005
  • Initial Daily Certified version April 15, 2005
  • Latest Daily Certified version April 15, 2005
  • Initial Weekly Certified release date April 16, 2005
Writeup By: Paul Mangan
