Category: Computer Worm
Active & Spreading
22 Dec 2006
The W32.Tasnab application propagates through network mapped drives. The systems that are affected include 98, Windows 95, Windows NT, Windows Me, Windows XP, and Windows Server 2003.
W32.Tasnab Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Tasnab from your computer.
More details about W32.Tasnab
The worm performs some actions like the other viruses do. The worm creates files where any text tthat user will enter into the Windows Explorer’s address bar. These files will be opened as Slam Bey.txt having the default file viewer text. The worm monitors the windows any of the names wherein their group names are ExploreWClass, WorkerA, WorkerW, ReBarWindow32, ComboBoxEx32, ComboBox, Edit, IEFrame, Navigation Bar, Address Band Root, CabinetWClass, ata*, RegEdit_RegEdit, Registry Editor, #32770, System Configuration Utility, ThunderRT6FormDC, HijackThis - v1.99.0, Tfrmmainstartup, Quick StartUp, Pocket Killbox 0 Items, Show/Kill Running Process, Startup Guard - Found New App At Startup !, SysListView32, Autostart And Process Viewer, tty, MS-DOS Prompt, KILLVB, ConsoleWindowClass, Command Prompt, PROCEXPL, TfrmIntegrator, TuneUp Utilities, iKnowPS, CurrProcessClass, CurrProcess, Run, Windows Task Manager, and Processes.
When the W32.Tasnab was executed, it replicates itself to the recent folders and any of the folders that were being accessed on the drives A-Z using some m\names. The worm also adds a value in to the registry subkey so it can execute when the windows will start. It modifies values in the registry subkey. The worm also monitors the address bar of the Windows Explorer and then replicates itself having names of the typed first 3 characters found in the address bar and also one of the created names from the monitored Windows. The worm also ends the regedit and the command prompt of your computer.