WORM_ANIG.A is a non-destructive, memory-resident worm that propagates by dropping copies of itself in shared network drives. It steals login information and saves this obtained data in a file, which can later be retrieved by a remote user. It runs on Windows 95, 98, ME, NT, 2000, and XP. Upon execution, this memory-resident worm drops a copy of itself in the Windows system folder using the file name NTOSA32.EXE (the file name may vary however). It creates a registry entry that allows it to automatically execute at every system startup. This worm sets up a keylogger component by substituting the standard Microsoft Graphical Identification and Authentication DLL (MSGINA.DLL). It drops a file named NTGINA.DLL in the Windows system folder and then creates a registry entry to substitute the standard MSGINA. This added registry entry enables it to steal login information. This malware also has backdoor capabilities that allow it to listen, and wait for remote commands. If you would like to scan your computer for WORM_ANIG.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com WORM_ANIG.A is detected and cleaned by Trend Micro pattern file #751 and above.