Acanze.A is simple email worm of Italian origin written in Visual Basic. Due to the coding techniques used, the worm will only work properly under Italian Windows versions.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More scanning & removal options
More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Upon execution, Acanze.A will create a hidden, system file named 'login.bat' into %WINDOWS% directory. It will then set a registry key:
" HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr = "C:\WINNT\login.bat"
The key allows Windows to start the bat file each time a user logs on.
Under Italian versions of Windows, additional files will be dropped, and the attributes to both file set to hidden, system.
" C:\Programmi\Windows NT\netapi.dll
The worm will then check whether a connection to an Italian site can be established. If so, it will create e-mail messages containing copy of its body and send them to recipients in Outlook's Contact list.
Detection for this malware was published on March 8th, 2005 in the following F-Secure
Detection Type: PC