W32/Bobax.AJ Worm

Subscribe to Virus Alert
Mailing List

Enter your Email
(Ex : john@company.com)

W32/Bobax.AJ Worm

Information about the W32/Bobax.AJ Worm:

W32/Bobax.AJ is an email worm. This worm is a variant of W32/Bobax. The worm will infect Windows systems. The worm spreads through email and network.

This worm exploits PnP vulnerability present in Windows as explained by Microsoft Security Bulletin MS05-039.

The infected email carries a spoofed 'From' address picked up randomly from the infected system.

The subject of the infected mail will be any one of the following;

joke
bush
secret
funny
pics

The body of the infected mail will be any one of the following;

Hello,
Long time! Check this out!

Saddam Hussein - Attempted Escape, Shot dead
Attached some pics that i found

Hey,
Check this out :-)

Osama Bin Laden Captured.
Attached some pics that i found

Hey,
Remember this?

Testing
Secret!

Hey,
I was going through my album, and look what I found..

with any one of the following strings;

++ Attachment: No Virus found
++ F-Secure AntiVirus - You are protected
++ www.f-secure.com

++ Attachment: No Virus found
++ Panda AntiVirus - You are protected
++ www.pandasoftware.com

++ Attachment: No Virus found
++ Norton AntiVirus - You are protected
+++ www.symantec.com

++ Attachment: No Virus found
++ Norman AntiVirus - You are protected
++ www.norman.com

The name of the infected attachment will be same as the subject of the infected mail having any one of the following extensions;

zip, exe, pif or scr.

Upon execution of the infected attachment, the worm copies itself in random name with an .exe extension under the Windows System folder.

It also drops a file was[random number].tmp in the Windows Temp folder.

This worm tries to inject was[random number].tmp file into the processes starting with the following strings;

serv, Winl and expl.

The worm modifies registry at the following location to load itself during each startup.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Microsoft has released the patch for the MS05-039 vulnerability. It can be downloaded from the following link:

http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

Users should apply the patch from the link provided above to remove the vulnerability inherent in the system.

This worm first appeared on September 7, 2005.

Other names of W32/Bobax.AJ Worm:

This Worm is also known as W32.Bobax.AJ@mm.

Click here to download a 30 day Evaluation Copy of
Protector Plus anti virus software for your operating system

About Protector Plus Antivirus Software Packages:

Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus 2009 is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

Special Offer Order Protector Plus Antivirus software Now and get SpamChoke Antispam Software worth $29.95 FREE!

Protector Plus range of antivirus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

Click here to order
Protector Plus anti virus software