How to Prevent and Remove the Net-Worm.Win32.Allaple.e


 

1. What is Net-Worm.Win32.Allaple.e?

This program spreads over a computer network and, like companion viruses, does not change files or sectors on disks. Computer worms are viruses that reside in the active memory of a computer and duplicate themselves. They may send copies of themselves to other computers, for example through email, Internet Relay Chat (IRC), peer-to-peer clients, etc.
 

Alias: Malware.Rahack!rem [PCTools], W32.Rahack.H [Symantec], W32/RAHack [McAfee], Mal_Allaple [Trend Micro], Mal/Allaple-A [Sophos], Worm:Win32/Allaple.L [Microsoft], Net-Worm.Win32.Allaple.e [Ikarus], Win-Trojan/Starman.Gen [AhnLab]

 

2. Technical Details:

 

a. The following files were created in the system:

 

No. | Filename                              | Size
1   | [file and pathname of the sample #1]  | 78,848 bytes
  • Note:
    • %Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

b. Memory Modifications

  • There was a new process created in the system:

Process Name                   | Process Filename                      | Main Module Size
[filename of the sample #1]    | [file and pathname of the sample #1]  | 159,744 bytes

c. Registry Modifications

    • The following Registry Keys were created:
      • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
      • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
    • The newly created Registry Values are:
      • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]
        • (Default) = "[file and pathname of the sample #1]"
      • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}]
        • (Default) = "wvwkelznbnhqvvql"

    d. Other details

    • The following port was open in the system:
    Port | Protocol | Process
    1127 | TCP      | [file and pathname of the sample #1]

     

    • There were registered attempts to establish connection with the remote hosts. The connection details are:

    Remote Host  | Port Number
    203.43.25.67 | 139
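
The registry and network indicators listed above can be checked against saved output of `reg query "HKLM\SOFTWARE\Classes\CLSID" /s` and `netstat -ano`. The following is an added example, not part of the original write-up or of any vendor tool; the sample text, the `example.exe` path and the PIDs are constructed, and the parser assumes the English-locale column layout of current reg.exe and netstat.

```python
import re
# Indicators taken from the report above.
CLSID = "{346436FA-5138-50DA-D412-0870CE39768B}"
LISTEN_PORT, REMOTE_PORT = 1127, 139

def localserver32_target(reg_text):
    """Return the (Default) data under the reported CLSID's LocalServer32 key, else None."""
    wanted = ("\\CLSID\\" + CLSID + "\\LocalServer32").upper()
    in_key = False
    for line in reg_text.splitlines():
        s = line.strip()
        if s.upper().startswith("HKEY_"):
            in_key = s.upper().endswith(wanted)   # a new key header starts here
        elif in_key and s.startswith("(Default)"):
            parts = re.split(r"\s{2,}", s, maxsplit=2)  # name, type, data
            return parts[2] if len(parts) == 3 else ""
    return None

def suspicious_pids(netstat_text):
    """PIDs that both listen on TCP 1127 and hold connections to remote port 139."""
    listeners, callers = set(), set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, UDP rows, blank lines
        _, local, remote, state, pid = f
        if state == "LISTENING":
            if local.rsplit(":", 1)[1] == str(LISTEN_PORT):
                listeners.add(pid)
        elif remote.rsplit(":", 1)[1] == str(REMOTE_PORT):
            callers.add(pid)
    return sorted(listeners & callers)

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
    (Default)    REG_SZ    wvwkelznbnhqvvql
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
    (Default)    REG_SZ    C:\WINDOWS\system32\example.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1127           0.0.0.0:0              LISTENING       1812
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    192.0.2.20:1045        198.51.100.7:139       SYN_SENT        1812
"""

if __name__ == "__main__":
    print(localserver32_target(SAMPLE_REG), suspicious_pids(SAMPLE_NETSTAT))
```

Requiring the same PID for the listener and the outbound port-139 traffic keeps the built-in NetBIOS listener and ordinary file-share clients from matching on their own.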

     

    3. How-to's

    a. How to prevent Net-Worm.Win32.Allaple.e?

    Please update the Sax2 policy knowledge base in time. Once Ax3soft Sax2 detects the communication of these trojans, it will block them and ensure your network and business security.

    b. How to Remove the Net-Worm.Win32.Allaple.e Manually?

    Step 1: Delete Net Worm.Win32.Allaple.e files:

    %appdata%\microsoft\internet explorer\quick launch\Net Worm.Win32.Allaple.e.lnk
    %desktop%\Net Worm.Win32.Allaple.e support.lnk
    %desktop%\Net Worm.Win32.Allaple.e.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\about.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\activate.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\buy.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\Net Worm.Win32.Allaple.e support.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\Net Worm.Win32.Allaple.e.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\scan.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\settings.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\update.lnk
    %programfiles%\Net Worm.Win32.Allaple.e\about.ico
    %programfiles%\Net Worm.Win32.Allaple.e\activate.ico
    %programfiles%\Net Worm.Win32.Allaple.e\buy.ico
    %programfiles%\Net Worm.Win32.Allaple.e\def.db
    %programfiles%\Net Worm.Win32.Allaple.e\defext.dll
    %programfiles%\Net Worm.Win32.Allaple.e\defhook.dll
    %programfiles%\Net Worm.Win32.Allaple.e\defcnt.exe
    %programfiles%\Net Worm.Win32.Allaple.e\help.ico
    %programfiles%\Net Worm.Win32.Allaple.e\scan.ico
    %programfiles%\Net Worm.Win32.Allaple.e\settings.ico
    %programfiles%\Net Worm.Win32.Allaple.e\splash.mp3
    %programfiles%\Net Worm.Win32.Allaple.e\uninstall.exe
    %programfiles%\Net Worm.Win32.Allaple.e\update.ico
    %programfiles%\Net Worm.Win32.Allaple.e\virus.mp3

    Step 2: Delete Net Worm.Win32.Allaple.e registry entries:

    hklm\SOFTWARE\Net Worm.Win32.Allaple.e
    hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Worm.Win32.Allaple.e
    hkcu\Software\Microsoft\Windows\CurrentVersion\Run "Net Worm.Win32.Allaple.e"
    hkcr\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

    c. How to Remove these trojans Instantly?

    Manual removal is a difficult process and is not recommended unless you are an expert in this field. Therefore, your best defense is to download and install a reliable anti-spyware program to scan for spyware on your machine. To detect computer threats in the easiest and fastest way possible, we advise trying Malwarebytes' Anti-Malware, an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

     

    4. Appendix

    For more information, please visit  http://www.ids-sax2.com/ComputerSecurityNewsletter.htm
