W32/Alphx.worm.gen

Type: Virus
SubType: Internet Worm
Discovery Date: 12/02/2003
Length: Varies
Minimum DAT: 4307 (12/03/2003)
Updated DAT: 4314 (01/14/2004)
Minimum Engine: 5.1.00
Description Added: 12/01/2003
Description Modified: 12/02/2003 8:58 AM (PT)
Risk Assessment: Corporate User: Low; Home User: Low

Characteristics

This is a generic detection, designed to proactively detect future variants of W32/Alphx.worm. This detection was first included in the 4306 DAT release. It now detects the .b, .c, .d, and .e variants.

Worms in this family direct the user to a website containing Exploit-ObjectData code, which executes the worm's malicious code. Filenames and URLs of the websites hosting this exploit code may vary among variants.

McAfee products are most effective when configured to scan compressed executables (a default option). This is especially true where generic detections are considered.

Symptoms

This is a generic detection. Therefore, it is not possible to state specific symptoms.

Method of Infection

This worm spreads via AOL Instant Messenger and Internet Explorer browsers that lack the MS03-040 patch.

Removal

All Windows Users:
Use specified engine and DAT files for detection and removal.

Manual Removal Instructions

  • Apply the MS03-040 patch
  • Delete the following registry keys (Information on deleting registry keys)
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Antivirus"
    • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page"
  • Restart the computer
  • Delete the files (if present)
    • c:\a.exe
    • c:\av.ex
    • %WinDir%\av.exe
    • %WinDir%\b.exe
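
An added example (not McAfee's own tooling): a read-only PowerShell check for the registry values and files listed above, for confirming a host's state before and after the manual steps. The value names and paths are taken from the list; the script layout and variable names are assumptions.

```powershell
# Added example: report which artifacts from the manual removal list are present.
# Read-only: nothing is deleted. Value names and paths are copied from the list above.

$regValues = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'Antivirus'  },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main';      Name = 'Start Page' }
)
$files = @('C:\a.exe', 'C:\av.ex', "$env:WinDir\av.exe", "$env:WinDir\b.exe")

$findings = @()

foreach ($v in $regValues) {
    # Returns $null (no error shown) when the key or the named value is absent.
    $item = Get-ItemProperty -Path $v.Path -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) {
        $findings += [pscustomobject]@{
            Kind     = 'Registry'
            Location = "$($v.Path) [$($v.Name)]"
            # "Start Page" exists on any system with Internet Explorer, so its
            # presence alone means nothing: review the data it holds.
            Detail   = $item.($v.Name)
        }
    }
}

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $info = Get-Item -LiteralPath $f -Force   # -Force also returns hidden files
        $hash = (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Kind     = 'File'
            Location = $f
            Detail   = "$($info.Length) bytes, modified $($info.LastWriteTime), SHA256 $hash"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-List
} else {
    'None of the listed registry values or files were found.'
}
```

The HKEY_CURRENT_USER check covers only the account running the script, so repeat it for each user profile on a shared machine.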

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
