eastav.exe - Dangerous
eastav.exe
Manual removal instructions:
Antivirus Report of eastav.exe:
eastav.exe
I-Worm.Netsky.t
This worm spreads via the Internet as an attachment to infected emails.
Characteristics of infected messages
Message header (chosen at random from the list below)
Message body (chosen at random from the texts below)
Attachment
A file with a .pif extension and a randomly generated name.
The worm is activated when the user opens the attached file.
Once launched, the worm installs inself to the system and starts propagating.
Copies itself to the Windows directory under the name EastAV.exe and registers this file in the system registry auto-run key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"EastAV"="%windir%\EastAV.exe"
The worm searches for files with the extensions listed below: adb; asp; cfg; cgi; dbx; dhtm; doc; eml; htm; html; jsp; mbx; mdx; mht etc.
harvests email addresses and sends copies of itself to all addresses found.
The worm uses its own SMTP library to send messages.
The worm will attempt to conduct DoS attacks on the following sites in accordance with the system clock local settings:
- www.cracks.am
- www.emule.de
- www.freemule.net
- www.kazaa.com
- www.keygen.us
Use RegRun Startup Optimizer to remove it from startup.
| eastav.exe | Malware |
| eastav.exe | Dangerous |
| eastav.exe | High Risk |
This worm spreads via the Internet as an attachment to infected emails.
Characteristics of infected messages
Message header (chosen at random from the list below)
Message body (chosen at random from the texts below)
Attachment
A file with a .pif extension and a randomly generated name.
The worm is activated when the user opens the attached file.
Once launched, the worm installs inself to the system and starts propagating.
Copies itself to the Windows directory under the name EastAV.exe and registers this file in the system registry auto-run key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"EastAV"="%windir%\EastAV.exe"
The worm searches for files with the extensions listed below: adb; asp; cfg; cgi; dbx; dhtm; doc; eml; htm; html; jsp; mbx; mdx; mht etc.
harvests email addresses and sends copies of itself to all addresses found.
The worm uses its own SMTP library to send messages.
The worm will attempt to conduct DoS attacks on the following sites in accordance with the system clock local settings:
- www.cracks.am
- www.emule.de
- www.freemule.net
- www.kazaa.com
- www.keygen.us
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.