Resolve for W32/Anig (Antivirus and Spyware for Windows)

Resolve for W32/Anig description

A tool that removes W32/Anig
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.

They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

W32/Anig-A is a worm that can spread by copying itself over network shares.
W32/Anig-A can also be used to steal passwords.

W32/Anig-A copies itself to System32 using its original filename and
creates the following registry entry in order to run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-A attempts to spread by copying itself to the share ADMIN$ on remote
machines.

W32/Anig-A may drop a DLL file with keylogging functionality called GinaDLL.DLL
and open port 5190 in order to receive remote commands.

W32/Anig-A registers itself as a service called Distributed File Controller
by creating the following registry entries:

HKLM\System\CurrentControlSet\Services\dfcsvc

DependOnGroup = “”
DependOnService = RpcSS
DisplayName = Distributed File Controller
Error Control = 0x0
ImagePath = /dfcsvc
ObjectName = LocalSystem
Start = 0x2
Type = 0x110

W32/Anig-A may also create the following registry entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

GinaDll = ntgina.dll
Ram32Data
Ram32ID
Ram32Group

W32/Anig-C is a worm that can spread by copying itself over network shares.

W32/Anig-C can also be used to steal passwords.

W32/Anig-C attempts to spread by copying itself to the share ADMIN$ on remote computers.

W32/Anig-C may drop a DLL file with keylogging functionality called GinaDLL.DLL and open port 5190 in order to receive remote commands.

W32/Anig-C copies itself to System32 using its original filename and creates the following registry entry in order to run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

On NT-based versions of Windows, W32/Anig-C registers itself as a service with the display name Distributed File Controller. The new service has a startup type of automatic, so it is started automatically each time a new Windows session is started. New registry entries are created beneath the following registry entry:

HKLM\System\CurrentControlSet\Services\dfcsvc

W32/Anig-C may also create the following registry entry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

GinaDll = ntgina.dll
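
The registry indicators listed above can be checked offline against the text of a `reg export` dump. This Python check is an added example, not part of the original page or of the Sophos tools; it assumes Osa32 is a value under the Run key, and the function names and sample export are constructed for illustration.

```python
import re

# Key paths from the W32/Anig description above, lowercased for comparison.
RUN = r"hklm\software\microsoft\windows\currentversion\run"
SERVICE = r"hklm\system\currentcontrolset\services\dfcsvc"
WINLOGON = r"hklm\software\microsoft\windows nt\currentversion\winlogon"

def parse_reg_export(text):
    """Parse .reg export text into {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].lower().replace("hkey_local_machine", "hklm", 1)
            current = keys.setdefault(path, {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip('"')
    return keys

def find_anig_indicators(text):
    """Return a list of the page's W32/Anig registry indicators found in the export."""
    keys = parse_reg_export(text)
    hits = []
    if "osa32" in keys.get(RUN, {}):
        hits.append("Run value Osa32 = " + keys[RUN]["osa32"])
    if SERVICE in keys:
        hits.append("service key dfcsvc present")
    winlogon = keys.get(WINLOGON, {})
    if winlogon.get("ginadll", "").lower() == "ntgina.dll":
        hits.append("Winlogon GinaDll = ntgina.dll")
    hits += ["Winlogon value " + n
             for n in ("ram32data", "ram32id", "ram32group") if n in winlogon]
    return hits

# Constructed sample export (file name and value data are made up).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Osa32"="C:\\WINDOWS\\system32\\sample.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dfcsvc]
"DisplayName"="Distributed File Controller"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDll"="ntgina.dll"
"Ram32ID"="x"
'''
```

Files written by `reg export` are UTF-16, so decode them with `encoding="utf-16"` before passing the text in.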

W32/Anig can be removed from Windows computers automatically with the following Resolve tools:

Windows disinfector
ANIGGUI is a disinfector for standalone Windows computers. To use it, do the following:
· Open the ANIGGUI.com file from your desktop after downloading it.
· Click the Start Scan button.
· Wait for the process to complete.

Command line disinfector
ANIGSFX.EXE is a self-extracting archive containing ANIGCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
