a.exe virus
Posted by admin on 25 Oct 2007 at 11:26 am | Tagged as: Antivirus, Registry Cleaner, Trojan, Windows
The a.exe file is a virus, also known as the W32.Ahlem.A@mm which was written in Visual Basic and became famous for being mass mailed as an email attachment. It is packed together using what’s known as the UPX run-time compression utility.
While the virus doesn’t compromise the overall integrity of a system, it can cause great unrest by mass emailing itself to everybody that you know. It does this by taking each of the addresses in your Windows log and running a macro-like process where it’ll submit over and over again, right the way until it has sent itself to all of your friends, family or work colleagues.
a.exe simply represents the name of the attachment that the W32.Ahlem.A@mm will try to send. It’s also been known, although not officially confirmed, that SARS_image.jpg is also being used to spread the worm.
The virus copies itself to a file named %Windir%\Csrss.exe every time you load up Windows. The worm will then re-execute and once again attempt to email the people in your Windows Address Book.
The best way to deal with the a.exe file is simply to cut it out before it reaches the system. This means installing a good anti-Virus suite and ensuring that email scanning and verification of downloads are both switched on. If you try to download the a.exe file with these measures in place, your protection will step in and spring an alert, informing you of the intrusion and safely neutralizing the threat.
To get rid of the immediate threat if you’re already carrying the virus, you should download a system clean-up utility. This will clean up spyware and adware, highlighting the issues that need your attention along the way. There are plenty of free tools available which are capable of removing the W32.Ahlem.A@mm.
You will also need to enter the Windows registry and change a value that was altered during the execution of the worm.
To do this, follow the steps below.
- Go to Start and click Run.
- Type “regedit” to access the Windows Registry Editor.
- Find the key titled; “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”
- Delete the value; “SYSTEMSars32″=”%windir%\csrss.exe”
- Save your changes and exit the editor.
- Reboot Windows.
This process should remove the final traces of the W32.Ahlem.A@mm from your system and it will no longer replicate on start-up.
Please note that when using the Windows Registry Editor, it is extremely important that you avoid making mistakes and saving settings that are wrong. One wrong edit is all it takes to be locked out of your Microsoft Windows XP, and once you’re out, it can be hard to get back in!
If you don’t trust yourself to make those crucial changes, it’s a good idea to download one of the many free registry scanning packages. These automate the process of clearing redundant and corrupted files. You won’t need to access the registry yourself. You can sit back and let a developer’s hard graft do the work for you!
a.exe is just one of many email attachment threats that exist on the Internet. Be careful when downloading attachments and always be cautious when executing suspicious .exe files.
