It's an indication that she/he is infected by a variant of the Sohanad worm, most probably WORM_SOHANAD.AF. Once the worm is active, it sends out some built-in messages to all your contacts without your knowledge or consent. This is one of many interesting Internet worms due to its agility and its power to stay in the wild for quite some time now. It has evolved from a lame worm into one that makes use of exploits, which has kept it on the radar. If you're interested in how it evolved, here's the blog from Trend Micro.
It modifies IE's default home page, disables Task Manager and Registry Editor, disables the Run option in the command menu, modifies some of YM's settings, and may terminate some security programs (e.g. antivirus, firewall, etc.) running on the infected PC. These payloads need a proper restoration process; otherwise, you might not be able to edit your registry or execute commands from the Run menu anymore =).
To clean the .AF variant, you can follow the manual instructions.
If you're not sure which variant hit you, you might consider Trend Micro's free online scanner. It runs its famous DCT (Damage Cleanup Template) technology to scan and clean your computer of most Internet worms.
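To check whether the restrictions described above are still in place after cleanup, here is an added PowerShell example (not from the original post or from Trend Micro). It assumes the worm uses the standard Windows policy values `DisableTaskMgr`, `DisableRegistryTools` and `NoRun`; the post itself does not name the registry values this variant touches.

```powershell
# Added example: audit (and optionally clear) the standard Windows policy values
# behind the features the post says get disabled. That this variant sets exactly
# these values is an assumption; the post does not list them.
param([switch]$Restore)

$policies = 'Software\Microsoft\Windows\CurrentVersion\Policies'
$checks = @(
    @{ Feature = 'Task Manager';    Key = "$policies\System";   Name = 'DisableTaskMgr' },
    @{ Feature = 'Registry Editor'; Key = "$policies\System";   Name = 'DisableRegistryTools' },
    @{ Feature = 'Run menu option'; Key = "$policies\Explorer"; Name = 'NoRun' }
)

# Look in both the per-user and the machine-wide policy locations.
$findings = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($c in $checks) {
        $path = "$hive\$($c.Key)"
        $name = $c.Name
        $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $prop -and $prop.$name -ne 0) {
            [pscustomobject]@{ Feature = $c.Feature; Path = $path; Name = $name; Value = $prop.$name }
        }
    }
}

if (-not $findings) {
    Write-Output 'No restricting policy values found.'
} else {
    $findings | Format-Table -AutoSize
    if ($Restore) {
        # Clear the values only after the worm itself has been removed,
        # otherwise it can simply set them again. HKLM needs an elevated prompt.
        foreach ($f in $findings) {
            Remove-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction Continue
            Write-Output "Removed $($f.Name) from $($f.Path)"
        }
    }
}

# The IE home page is only reported, since the original value is not known here.
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$start  = Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue
if ($start) { Write-Output "IE Start Page is currently: $($start.'Start Page')" }
```

Run it without arguments to get a report only; add `-Restore` once the scanner or manual cleanup has finished.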