W32/Bobax.AJ Worm

Download free anti virus software

Anti virus software information

Order anti virus software (US$ 29.95)

Protector Plus
Anti virus software for

Windows
(XP, 2000, 2003, NT, Me, 98, 95)

Exchange

NetWare

W32/Bobax.AJ Worm

Information about the W32/Bobax.AJ Worm:

W32/Bobax.AJ is an email worm. This worm is a variant of W32/Bobax. The worm will infect Windows systems. The worm spreads through email and network.

This worm exploits PnP vulnerability present in Windows as explained by Microsoft Security Bulletin MS05-039.

The infected email carries a spoofed 'From' address picked up randomly from the infected system.

The subject of the infected mail will be any one of the following;

joke
bush
secret
funny
pics

The body of the infected mail will be any one of the following;

Hello,
Long time! Check this out!

Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found

Hey,
Check this out :-)

Osama Bin Laden Captured.
Attached some pics that i found

Hey,
Remember this?

Testing
Secret!

Hey,
I was going through my album, and look what I found..

with any one of the following strings;

++ Attachment: No Virus found
++ F-Secure AntiVirus - You are protected
++ www.f-secure.com

++ Attachment: No Virus found
++ Panda AntiVirus - You are protected
++ www.pandasoftware.com

++ Attachment: No Virus found
++ Norton AntiVirus - You are protected
+++ www.symantec.com

++ Attachment: No Virus found
++ Norman AntiVirus - You are protected
++ www.norman.com

The name of the infected attachment will be same as the subject of the infected mail having any one of the following extensions;

zip, exe, pif or scr.

Upon execution of the infected attachment, the worm copies itself in random name with an .exe extension under the Windows System folder.

It also drops a file was[random number].tmp in the Windows Temp folder.

This worm tries to inject was[random number].tmp file into the processes starting with the following strings;

serv, Winl and expl.

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Microsoft has released the patch for the MS05-039 vulnerability. It can be downloaded from the following link:

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

Users should apply the patch from the link provided above to remove the vulnerability inherent in the system.

This worm first appeared on September 7, 2005.

Other names of W32/Bobax.AJ Worm:

This Worm is also known as W32.Bobax.AJ@mm.

Click here to download a 30 day Evaluation Copy of
Protector Plus anti virus for your operating system

About Protector Plus Anti virus Software Packages:

Proland Software is the developer of Protector Plus range of anti virus software packages. Protector Plus anti virus is available for Windows XP, Windows Me/98/95, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

Protector Plus range of anti virus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

You can download the 30 day evaluation copy of
Protector Plus anti virus software free of cost for these platforms:

Windows | Exchange | NetWare

Download free anti virus software | Anti virus software information | Order anti virus software