Friday, April 18, 2025
HomeWindowsSpyware: Clear the Talking Email Amus Worm (How are you? I...
Windows

Spyware: Clear the Talking Email Amus Worm (How are you? I am back.)

David Kirk
By David Kirk
0
956

You clicked on an email, and now your computer is talking to you. You have the Amus worm. The following Tech-Recipes tutorial explains how to clear it from your system.


You clicked on an email, and your computer says the following:

    How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule.

Sound file:
http://www.f-secure.com/weblog/archives/amus.wav

Here is the evil it can do:

    – On the 1, 6, 20 and 25 of each month, it will replace the home page URL in Internet Explorer with the following text:
    [list]Konneting du pepil and dizkoneting you. Anlami: Baglansan ne olacak, baglanmasan ne olacak. Zaten hatlar burada rezalet.

– On the 2, 15 and 17 of each month it will try to delete all .ini files in the Windows folder.
– On the 10 and 23 of each month, it will try to delete all .dll files in the Windows folder.
The email address of the infected person who sent it to you is not forged.
The attachment name is Masum.exe.
The subject name of the email is Listen and Smile
It uses Microsoft Outlook to send itself to all your contacts.

The body of the email will read as follows:
Hey. I beg your pardon. You must listen.

You can confirm that you have this malware by looking in the root directory of your c: drive. It should contain a file named masum.exe.

It frequently also copies itself into as the following files in your /windows folder:

    Adapazari.exe
    Ankara.exe
    Anti_Virus.exe
    Cekirge.exe
    KdzEregli.exe
    Messenger.exe
    Meydanbasi.exe
    My_Pictures.exe
    Pide.exe
    Pire.exe

It places the two following registry keys:

    [HKCU\SOFTWARE\Microsoft\Masum\Who]
    “Who”=”OnEmLi_DeGiL”

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    “Microzoft_Ofiz”=”%WINDIR%\KdzEregli.exe”

To correct this infection, use CTRL-ALT-DEL and kill any of the files listed above that are actively running. Then delete all the files involved. Remove the registry keys as well.

Most antivirus programs are now finding this creature. Update your antivirus, and let it clear your system. You will probably need to remove the leftovers manually from the registry.

Previous article
XP: Tasklist.exe – Get a List of Processes From the Command Line
Next article
T-Mobile Sidekick: Full Screen Web Browsing/Rounded Top Status Bar on Jump Menu
David Kirk
David Kirk
David Kirk is one of the original founders of tech-recipes and is currently serving as editor-in-chief. Not only has he been crafting tutorials for over ten years, but in his other life he also enjoys taking care of critically ill patients as an ICU physician.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Load more

LATEST REVIEWS

Load more

Recent Comments

techylist on How to Create a Save Collection on Instagram
Techylist on Get the Scoop on How to Use Twitter Moments in Just 5 Minutes! April, 2025
techylist on Get the Scoop on How to Use Twitter Moments in Just 5 Minutes! April, 2025
Alexzander E. Aguilar on How to Insert and Remove the SIM Card in an iPhone
Glenn Thomas on How To Deploy ISPAC File & SSIS Package From Command Line
Buck on How to Turn On and Off Automatic Updates in Windows 10
Anna Sue Edwards on How to View Facebook Login History
Dante on How Do I Copy Text from a Password Protected Word Document?
Darrin on How To Stop All Friend Requests On Facebook
William McCoy on How To Change Thumbs Up on Facebook Messenger
© Newspaper WordPress Theme by TagDiv
error: Content is protected !!