easyav.exe - Dangerous
easyav.exe
Manual removal instructions:
Antivirus Report of easyav.exe:
easyav.exe
W32.Netsky.S@mm is a mass-mailing worm and a variant of W32.Netsky.R@mm.
It also contains backdoor functionality and may perform Denial of Service (DoS) attack against specified Web sites.
If the system date is between April 14, 2004 to April 23, 2004, the worm will try to perform a DoS attack against the following Web sites:
www.cracks.am; www.emule.de; www.kazaa.com; www.freemule.net; www.keygen.us
The email has a variable subject line and attachment name. The attachment will have a .pif file extension.
Copies itself as %Windir%\EasyAV.exe.
Creates the file, %Windir%\Uinmzertinmds.opm, which contains a MIME-encoded copy of the worm's executable.
Adds the value:
"EasyAV"="%Windir%\EasyAV.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Listens on port 6789. If the attacker sends an executable file to an infected computer, the worm will save it as.exe, and then execute that file.
Scans and retrieves email addresses from the files with some extensions.
If the system date is not April 2004, or if it is and the day is less than 14 or greater than 16, the worm will attempt to use its own SMTP engine
to send itself to all the email addresses that it finds.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "EasyAV"="%windir%\EasyAV.exe"
| easyav.exe | Malware |
| easyav.exe | Dangerous |
| easyav.exe | High Risk |
It also contains backdoor functionality and may perform Denial of Service (DoS) attack against specified Web sites.
If the system date is between April 14, 2004 to April 23, 2004, the worm will try to perform a DoS attack against the following Web sites:
www.cracks.am; www.emule.de; www.kazaa.com; www.freemule.net; www.keygen.us
The email has a variable subject line and attachment name. The attachment will have a .pif file extension.
Copies itself as %Windir%\EasyAV.exe.
Creates the file, %Windir%\Uinmzertinmds.opm, which contains a MIME-encoded copy of the worm's executable.
Adds the value:
"EasyAV"="%Windir%\EasyAV.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Listens on port 6789. If the attacker sends an executable file to an infected computer, the worm will save it as
Scans and retrieves email addresses from the files with some extensions.
If the system date is not April 2004, or if it is and the day is less than 14 or greater than 16, the worm will attempt to use its own SMTP engine
to send itself to all the email addresses that it finds.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "EasyAV"="%windir%\EasyAV.exe"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.