Worm.Win32.Small.aga is a trojan written by CC, with a length of 20,480 bytes. Worm.Win32.Small.aga spreads mainly through bundled files, downloaders, web pages linked to trojan horses, etc. The primary purpose of Worm.Win32.Small.aga is to establish a back door and spread itself via removable disks, so that the user's computer is turned into a puppet machine.
When a PC is infected by Worm.Win32.Small.aga, important system files are lost, the system and network slow down, and many suspicious, unknown processes run.
Objects Infected by Worm.Win32.Small.aga
Windows 2000 / Windows XP / Windows 2003 / Windows Vista / Windows 7
Transmission of Worm.Win32.Small.aga
Bundled files, web pages linked to trojan horses, download managers
1. Manually Delete the Following Files on the system:
%Documents and Settings%\Administrator\Application Data\hidserv.exe
2. Manually Delete the Following Files on the removable disk:
x:\AEXRGYHDFG-2352-26235-2322322-624621221-2622255\w89e85t5.exe
x:\AEXRGYHDFG-2352-26235-2322322-624621221-2622255\Desktop.ini
x:\autorun.inf
3. Manually Delete the Following Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
1)
Name: Windows Update System
Data: C:\Documents and Settings\Administrator\Application Data\hidserv.exe
SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
2)
Name: Windows Update System
Data: C:\Documents and Settings\Administrator\Application Data\hidserv.exe
4. Replace the hosts file modified by Worm.Win32.Small.aga with the normal one.
Variable declaration:
%SystemDrive% the partition where the system is installed, usually C:
%SystemRoot% the Windows directory, usually C:\Windows
%Documents and Settings% the user file directory, usually C:\Documents and Settings
%Temp% the temp folder, usually C:\Documents and Settings\<current user name>\Local Settings\Temp
%ProgramFiles% the default installation directory for programs, typically C:\Program Files
Files created by Worm.Win32.Small.aga
%Documents and Settings%\Administrator\Application Data\hidserv.exe
x:\AEXRGYHDFG-2352-26235-2322322-624621221-2622255\w89e85t5.exe
x:\AEXRGYHDFG-2352-26235-2322322-624621221-2622255\Desktop.ini
x:\autorun.inf
Registry Branches modified by Worm.Win32.Small.aga:
1)
Name: Windows Update System
Data: C:\Documents and Settings\Administrator\Application Data\hidserv.exe
SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
2)
Name: Windows Update System
Data: C:\Documents and Settings\Administrator\Application Data\hidserv.exe
Worm.Win32.Small.aga Tries to Access the Following Website:
http://www.sp***tes***le.com/10***bin
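An added example, not part of the original write-up or of any vendor tool: a read-only PowerShell audit that looks for the file, registry and removable-disk indicators listed above, so you can confirm what is present before deleting anything by hand. It assumes PowerShell 2.0 or later and that the firewall key sits under HKEY_LOCAL_MACHINE (the page omits the hive); the variable names are illustrative.

```powershell
# Read-only audit for the indicators listed on this page; nothing is deleted.
# Assumption: the firewall key is under HKLM (the page omits the hive).
$valueName = 'Windows Update System'
$exeName   = 'hidserv.exe'
$usbDir    = 'AEXRGYHDFG-2352-26235-2322322-624621221-2622255'
$regKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
)
$findings = @()

# 1. Registry: flag the named value, or any value whose data points at hidserv.exe.
foreach ($key in $regKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -eq $valueName -or $data -like "*$exeName*") {
            $findings += "REGISTRY  $key -> '$name' = '$data'"
        }
    }
}

# 2. Files: the page names the Administrator profile; every profile is checked
#    here as a precaution ('AppData\Roaming' is the Vista/7 folder name).
$profileRoot = Split-Path $env:USERPROFILE -Parent
foreach ($p in Get-ChildItem -LiteralPath $profileRoot -Force -ErrorAction SilentlyContinue) {
    foreach ($sub in 'Application Data', 'AppData\Roaming') {
        $f = Join-Path $p.FullName (Join-Path $sub $exeName)
        if (Test-Path -LiteralPath $f -PathType Leaf) { $findings += "FILE      $f"; break }
    }
}

# 3. Removable disks: report the worm's folder and any autorun.inf.
#    An autorun.inf can be legitimate, so inspect it before removing it.
$drives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady }
foreach ($d in $drives) {
    foreach ($rel in 'autorun.inf', $usbDir) {
        $path = Join-Path $d.RootDirectory.FullName $rel
        if (Test-Path -LiteralPath $path) { $findings += "REMOVABLE $path" }
    }
}

if ($findings.Count) { $findings } else { 'No indicators from this page were found.' }
```

Run it from an elevated prompt so other users' profile folders are readable, and run it again after cleanup to confirm the entries are gone.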
The above instructions are for advanced computer users only. For regular computer users, we recommend downloading the Worm.Win32.Small.aga Auto Uninstaller to completely uninstall Worm.Win32.Small.aga.