SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  ANACON.EXE

Name ANACON.EXE

Description

I-Worm.Nocana.a
Nocana is a worm virus spreading via the Internet as an e-mail file attachment via P2P file sharing networks.
The worm contains a backdoor routine.
- opens full access to disk files and system registry keys
- sends information about infected computer
- sends cached passwords
- sends keyboard log
- downloads and executes files from Web
- changes display resolution
- runs DoS attack on several servers

Note that the real attached .EXE file name is hidden by a false .JPG extension(an "extra functionality" of MS Outlook is used to accomplish this deception).
As a result the infected .EXE file is displayed as a .JPG image file, but upon opening the attachment it is executed as a true EXE file.

The worm then installs itself to the system, runs its spreading routine and payload.
While installing the worm copies itself to the Windows directory using the name "ANACON.EXE" and registers this file in the system registry auto-run keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run AHU= %SystemDir%\ANACON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices Hvewsveqmg = %SystemDir%\ANACON.EXE
HKCU\Software\Microsoft\Windows\CurrentVersion\Run Cvfjx = %SystemDir%\ANACON.EXE

The Nocana worm also terminates several anti-virus and active firewall processes.
To send infected messages the worm uses MS Outlook and sends messages to all the addresses found in the Outlook address book.

It also formats the D: drive.
Deletes all files in the current directory (in most cases - Windows system directory).
On 1st, 4th, 8th, 12th, 16th, 20th, 24th and 28th of each month the worm deletes all *.DLL, *.NLS, *.OCX files in the current directory (in most cases - Windows directory).

Automatic Removal: Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

jqaqunkvhg

vuxkqzdtto

sfwzudsycb

qxsbulvhhi

szycyasjht

zwyphrjahj

Free galleries

xltqfxuszj

nhljjlawdc

qqnovhtngn

piawrppfli

Callow Project

shbichrgsz

ydpopxzcxr

xdvcvqrwdw

mqqxzixoml

bxlymcrgya

hnmqjvhjhy

ffzyuwjxis

knrwnryzab

jlukkdeech

olctrlajck

ltxbflipvo

Super!!!

ykkqlevsgw

rxytbjuocn

vkwvkfzudd

Delivered grown-up galleries

oujjgbtqvv

cyyhnhlxve




SoftwareTipsandTricks, All Rights Reserved.