Acanze.A is simple email worm of Italian origin written in Visual Basic. Due to the coding techiques used, the worm will only work properly under Italian Windows versions.
Disinfection & Removal
Upon execution, Acanze.A will create a hidden, system file named 'login.bat' into %WINDOWS% directory. It will then set a registry key:
" HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr = "C:\WINNT\login.bat"
The key allows Windows to start the bat file each time a user logs on.
Under Italian versions of Windows, additional files will be dropped, and the attributes to both file set to hidden, system.
" C:\Programmi\Windows NT\netapi.dll
The worm will then check whether a connection to an Italian site can be established. If so, it will create e-mail messages containing copy of its body and send them to recipients in Outlook's Contact list.
Detection for this malware was published on March 8th, 2005 in the following F-Secure
Detection Type: PC