Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
26 May 2006
The W32.Sejese application is a worm that spreads through MSN Messenger, deletes files from the infected computer, and lowers down the computer's security settings.
W32.Sejese Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Sejese from your computer.
More details about W32.Sejese
Once the worm is opened, W32.Sejese duplicates itself as “%System%\drivers\etc\jesse.exe”. It looks for all the files in the foot folder of the drives A and C. For every file located, the worm makes a duplicate of itself as “[EXISTING FILE NAME].exe” and removes the original file. Then, the worm makes the “A:\Autor.txt” and “C:\Autor.txt” files. After that, the worm changes a value in the registry key to stop the Task Manager. It also adds a value in the registry key so that it is opened each time the Windows starts. The W32.Sejese program lowers the setting of the security by ending the processes such as “_AVPCC”, “ACKWIN32”, “AD-AWARE”, “ADMINTOOL”, “ADVXDWIN”, “AGENTA”, “AGENTSVR”, “ALERTSVC”, “ALOGSERV”, and “AMON9X”. After that, the worm tries to close window with titles such as “Administrador de tareas de Windows”, “Panel de control”, “Editor del Registro”, “Utilidad de configuracin del sistema”, and “Restaurar sistema”.
The program is identified as a network worm. The W32.Sejese application propagates itself through Internet Relay Chat (IRC) channels. The program exploits the vulnerabilities of the Windows operating system. The security gaps allow the application to execute on the connected computers with administrator privileges. The program utilizes network shares protected with weak passwords and unsecured folders to distribute threats to the computers within the network. The application is encrypted with a predefined list of user names and passwords to be used on secured network shares.