Net-Worm.Win32.Allaple


1. What is Net-Worm.Win32.Allaple?

Net-Worm.Win32.Allaple.e is one of the most common threats. Once your computer is infected by Net-Worm.Win32.Allaple.e, you will constantly receive annoying pop-up advertisements while browsing web pages, or you will be redirected to malicious websites. Moreover, your personal information will probably be revealed to a third party. Net-Worm.Win32.Allaple.e can hide itself on your computer and gradually ruin your system. Do you want to know how to remove Net-Worm.Win32.Allaple.e from your computer thoroughly? Here are some effective instructions on how to remove Net-Worm.Win32.Allaple.e from your computer and prevent it from coming back.

 

2. Technical Details:

 

a. The following files were created in the system:

 

No. Filename Size
1 [file and pathname of the sample #1] 62,976 bytes
  • Notes:
    • %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
    • %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.

b. Memory Modifications

  • There were new memory pages created in the address space of the system process(es):

Process Name Process Filename Allocated Size
[filename of the sample #1] [file and pathname of the sample #1] 152,713 bytes

d. Registry Modifications

    • The following Registry Keys were created:
      • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
      • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
    • The newly created Registry Values are:
      • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]
        • (Default) = "[file and pathname of the sample #1]"
      • [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}]
        • (Default) = "seqlvhktrenrbbnt"

    e. Other details

    • The following ports were open in the system:
    Port Protocol Process
    1208 TCP [file and pathname of the sample #1]
    1209 TCP [file and pathname of the sample #1]
    1210 TCP [file and pathname of the sample #1]
    1211 TCP [file and pathname of the sample #1]
    1212 TCP [file and pathname of the sample #1]
    1213 TCP [file and pathname of the sample #1]
    1214 TCP [file and pathname of the sample #1]
    1215 TCP [file and pathname of the sample #1]
    • There were registered attempts to establish connection with the remote hosts. The connection details are:

    Remote Host Port Number
    203.12.3.220 139

     

    3. How-to's

    a. How to prevent Net-Worm.Win32.Allaple?

    Please keep the Sax2 policy knowledge base up to date. Once Ax3soft Sax2 detects the communication of these trojans, it will break that communication and ensure your network and business security.

    b. How to remove Net-Worm.Win32.Allaple manually?

    Step 1: Delete Net Worm.Win32.Allaple files:
    %appdata%\microsoft\internet explorer\quick launch\Net Worm.Win32.Allaple.e.lnk
    %desktop%\Net Worm.Win32.Allaple.e support.lnk
    %desktop%\Net Worm.Win32.Allaple.e.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\about.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\activate.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\buy.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\Net Worm.Win32.Allaple.e support.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\Net Worm.Win32.Allaple.e.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\scan.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\settings.lnk
    %commonprograms%\Net Worm.Win32.Allaple.e\update.lnk
    %programfiles%\Net Worm.Win32.Allaple.e\about.ico
    %programfiles%\Net Worm.Win32.Allaple.e\activate.ico
    %programfiles%\Net Worm.Win32.Allaple.e\buy.ico
    %programfiles%\Net Worm.Win32.Allaple.e\def.db
    %programfiles%\Net Worm.Win32.Allaple.e\defext.dll
    %programfiles%\Net Worm.Win32.Allaple.e\defhook.dll
    %programfiles%\Net Worm.Win32.Allaple.e\defcnt.exe
    %programfiles%\Net Worm.Win32.Allaple.e\help.ico
    %programfiles%\Net Worm.Win32.Allaple.e\scan.ico
    %programfiles%\Net Worm.Win32.Allaple.e\settings.ico
    %programfiles%\Net Worm.Win32.Allaple.e\splash.mp3
    %programfiles%\Net Worm.Win32.Allaple.e\uninstall.exe
    %programfiles%\Net Worm.Win32.Allaple.e\update.ico
    %programfiles%\Net Worm.Win32.Allaple.e\virus.mp3

    Step 2: Delete Net Worm.Win32.Allaple registry entries:
    hklm\SOFTWARE\Net Worm.Win32.Allaple.e
    hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Net Worm.Win32.Allaple.e
    hkcu\Software\Microsoft\Windows\CurrentVersion\Run "Net Worm.Win32.Allaple.e"
    hkcr\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}

    c. How to remove these trojans instantly?

    Manual removal is a difficult process and is not recommended unless you are an expert in this field. Therefore, your best defense is to download and install a reliable anti-spyware program to scan for spyware on your machine. To detect computer threats in the easiest and fastest way possible, we advise trying Malwarebytes' Anti-Malware, an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. Visit http://www.ids-sax2.com/Malwarebytes-Anti-Malware.htm and download Malwarebytes' Anti-Malware to help you.

     

    4. Appendix

    For more information, please visit http://www.ids-sax2.com/ComputerSecurityNewsletter.htm
