Discussion in 'malware problems & news' started by FanJ, Apr 23, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Onamu-A
    Aliases: I-Worm.Radix.a, Pe_Moe.A
    Type: Win32 executable file virus
    Date: 23 April 2002

    Sophos has received several reports of this virus from the wild.


    W32/Onamu-A is a Win32 virus which may arrive as a randomly
    named attachment to an email from a fake email address such as
    wer937@hotmail.com or lecs2462@yahoo.com.

    The email will have a randomly chosen subject line and message
    text, in Spanish.

    When run, the virus copies itself to the Windows folder and adds
    the path to this file to a new value in the registry at:


    W32/Onamu-A then searches the Windows, system and current
    folders for EXE and SCR files to infect. It also sends itself
    out to all contacts in the Windows address book.

    Read the analysis at