W32/Imaut.U is a worm that infects Windows systems and spreads via Yahoo! Instant Messenger, Microsoft Windows Live Messenger, and AOL Instant Messenger.
Upon execution, it downloads a few files from the following websites:
These files are saved as svchost32.exe and svchost.exe in the Windows System folder.
It modifies the registry at the following locations:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_buzz
HKEY_CURRENT_USER\Software\Yahoo\pager\View\YMSGR_Launchcast
The worm tries to connect to: http://quicknews.info
It also tries to change the security settings of Yahoo! Instant Messenger, Windows Messenger or AOL Instant Messenger.
The worm sends one of the following instant messages to the members of the user's contact list:
"My pics [http://]quicknews.info/mypics[REMOVED] b-( <<"
"hot pics this week [http://]quicknews.info/hot[REMOVED] :x"
"Miss World 2006: [http://]quicknews.info/MissWorld[REMOVED] !!"
";) 1 of my vacation pictures [http://]quicknews.info/vacation1[REMOVED] <:-P"
";) 1 of my vacation pictures [http://]quicknews.info/vacation2[REMOVED] <:-P"
"Images shot in Iraq _ The war will never end [http://]quicknews.info/Iraqwar[REMOVED] << :("
"oh my god , i've won a 20000 usd lottery :O [http://]quicknews.info/mylottery[REMOVED] <<"
":D who is beside you in this pic [http://]quicknews.info/friendpic1[REMOVED] so good-looking"
"Screenshot of new windows version _ Windows Vista [http://]quicknews.info/vista[REMOVED] so cool :D"
"never click into the links like something in this image [http://]quicknews.info/dontclick[REMOVED] #:-S !!!"
"Do you realize who is in this image: [http://]quicknews.info/who[REMOVED]. Just think for a moment and tell me soon ;))"
":( the page cannot be displayed [http://]quicknews.info/error[REMOVED] Something was wrong !!! Check it again and tell me later. THanks"
The worm may also terminate a few security-related processes.
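A log-triage sketch for two indicators named above, the quicknews.info lure domain and the svchost32.exe file name. It is an added example, not part of the original advisory or of Proland's products; the log formats, host names and the C:\WINDOWS\system32 path in the sample lines are constructed assumptions.

```python
import re

# Indicators taken from the advisory text above.
LURE_DOMAIN = "quicknews.info"
DROPPED_NAME = "svchost32.exe"  # svchost.exe is skipped: Windows ships a file of that name

# Host-like token with an optional scheme; applied after refanging.
HOST_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
FILE_RE = re.compile(r"(?<![\w-])" + re.escape(DROPPED_NAME) + r"(?!\w)", re.I)

def refang(text):
    """Undo common defanging: [http://], hxxp://, [.] and (.)."""
    text = re.sub(r"\[(https?://)\]", r"\1", text, flags=re.I)
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.I)
    return re.sub(r"\[\.\]|\(\.\)", ".", text)

def match_line(line):
    """Return the sorted indicator names found in one log line."""
    hits = set()
    clean = refang(line)
    for host in HOST_RE.findall(clean):
        host = host.lower()
        # Exact domain or a subdomain only, so look-alike hosts do not match.
        if host == LURE_DOMAIN or host.endswith("." + LURE_DOMAIN):
            hits.add("lure-domain")
    if FILE_RE.search(clean):
        hits.add("dropped-file")
    return sorted(hits)

def scan(lines):
    """Return [(line_number, [indicator, ...])] for lines with at least one hit."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := match_line(line))]

# Constructed sample lines (proxy, IM, file and DNS events in a made-up format).
SAMPLE = [
    "2007-01-12 10:02:11 ws14 GET http://quicknews.info/ 200",
    "IM from buddy42: My pics [http://]quicknews.info/mypics[REMOVED] b-(",
    "ws14 file created C:\\WINDOWS\\system32\\svchost32.exe",
    "ws20 GET http://quicknews.info.example.com/ 200",
    "ws20 process start C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
    "ws21 DNS query www.quicknews[.]info",
]

if __name__ == "__main__":
    for number, indicators in scan(SAMPLE):
        print(number, indicators)
```

Because the worm also saves a file as svchost.exe, a name match alone cannot separate it from the Windows original; comparing that file's hash or signature against a known-good copy is the check for that case.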
Proland Software is the developer of the Protector Plus range of antivirus software packages. Protector Plus 2007 is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.
The Protector Plus range of antivirus products offers on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.
These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.