Trend Micro Virus Alert - WORM_OPANKI.W

WORM_OPANKI.W is a memory-resident worm that spreads via AOL Instant Messenger (AIM). It sends a link to all available AOL contacts it finds in an affected system, and when clicked, it downloads the worm onto the system. This worm is currently spreading in-the-wild and infecting computer systems running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm drops a copy of itself in the Windows system folder as either GGFIG.EXE or XMCONFIG.EXE. It also drops the file MSDIRECTX.SYS which is detected by Trend Micro as TROJ_ROOTKIT.H. It creates registry entries that allow it to automatically execute during every Windows startup, and modifies registry entries to lower the affected system’s security settings.

The worm has backdoor capabilities enabling it to connect an Internet Relay Chat (IRC) server. Once a connection is established, it joins an IRC channel, where it listens for commands from a remote malicious such as:

* Basic IRC commands
* Download files
* Enable/disable anonymous login
* Enable/disable DCOM
* Execute files
* Send AIM message
* Other Details

WORM_OPANKI.W drops several HTML files which link to known adware and grayware programs, and then automatically connects to the linked sites.

If you would like to scan your computer for WORM_OPANKI.W, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_OPANKI.W is detected and cleaned by Trend Micro pattern file #2.741.00 and above.