Resolve for W32/Avril


Description


Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.

They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

W32/Avril-A is an internet worm that copies itself into the Windows system folder using a random name and sets the following registry entry to run itself automatically when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Avril Lavigne - Muse = randomname.exe

The following registry entries are also created:

HKLM\Software\OvG\Avril Lavigne = Done
HKLM\Software\OvG\Avril Lavigne\PSW-Trojan = 1

W32/Avril-A drops itself into the KaZaA folder with one of the filenames shown below and creates the file avril-ii.inf.

The worm terminates anti-virus products and drops several copies of itself onto the hard disk with random names.

On the 7th, 11th and 24th of any month, W32/Avril-A will open up Microsoft Internet Explorer to www.avril-lavigne.com, display coloured ellipses in the middle of the screen and display "AVRIL_LAVIGNE_LET_GO - MY_MUSE:) 2002 (c) Otto von Gutenberg" in the top left corner of the screen.

The worm can send cached passwords to a Russian email address.

W32/Avril-A spreads by sending itself to email addresses gathered from DBX, MBX, WAB, HTML, EML, HTM, TBB, SHTML, NCH and IDX files, stored in listrecp.dll.

The emails will have the following characteristics:

Subject line - randomly selected from one of the following 10:

  • Fw: Avril Lavigne - the best
  • Fw: Prohibited customers...
  • Fwd: Re: Admission procedure
  • Fwd: Re: Reply on account for Incorrect MIME-header
  • Re: According to Daos Summit
  • Re: ACTR/ACCELS Transcriptions
  • Re: Brigade Ocho Free membership
  • Re: Reply on account for IFRAME-Security breach
  • Re: Reply on account for IIS-Security
  • Re: The real estate plunger

Message body - chosen from 3 alternatives: "Avril fans subscription FanList admits you to take in Avril Lavigne 2003 Billboard awards ceremony Vote for I'm with you! Admission form attached below"

"Restricted area response team (RART) Attachment you sent to is intended to overwrite start address at 0000:HH4F To prevent from the further buffer overflow attacks apply the MSO-patch"

"Microsoft has identified a security vulnerability in Microsoft® IIS 4.0 and 5.0 that is eliminated by a previously-released patch. Customers who have applied that patch are already protected and do not need to take additional action. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately. Patch is also provided to subscribed list of Microsoft® Tech Support:"

Attached file - one of the following:

  • AvrilLavigne.exe
  • AvrilSmiles.exe
  • CERT-Vuln-Info.exe
  • Cogito_Ergo_Sum.exe
  • Complicated.exe
  • Download.exe
  • IAmWiThYoU.exe
  • MSO-Patch-0035.exe
  • MSO-Patch-0071.exe
  • Readme.exe
  • Resume.exe
  • Singles.exe
  • Sk8erBoi.exe
  • Sophos.exe
  • Transcripts.exe
  • Two-Up-Secretly.exe

W32/Avril-B is an internet worm which spreads via email. W32/Avril-B is an extended variant of W32/Avril-A. For information on the generic features of W32/Avril-B see the description of W32/Avril-A.

W32/Avril-B differs from W32/Avril-A as follows.

The format of the sent email has changed to the following:

Subject line - one of the following 16:

  • Fw: Avril Lavigne - CHART ATTACK!
  • Fw: F. M. Dostoyevsky "Crime and Punishment"
  • Fw: Redirection error notification
  • Fwd: Re: Have U requested Avril Lavigne bio?
  • Fwd: Re: Reply on account for Incorrect MIME-header
  • Fwd: RFC-0245 Specification requested...
  • Fwd: RFC-0841 Specification requested...
  • Re: According to Purge's Statement
  • Re: ACTR/ACCELS Transcriptions
  • Re: Brigada Ocho Free membership
  • Re: Ha perduto qualque cosa signora?
  • Re: IREX admits you to take in FSAU 2003
  • Re: Junior Achievement
  • Re: Reply on account for IFRAME-Security breach
  • Re: Reply on account for IIS-Security Breach (TFTP)
  • Re: Vote seniors masters - don't miss it!

Message text - may contain one of the following 4 alternatives, but they might be skipped and hence not included:

"AVRIL LAVIGNE - THE CHART ATTACK! Vote fo4r Complicated! Vote fo4r Sk8er Boi! Vote fo4r I'm with you! Chart attack active list:"

"Restricted area response team (RART) Attachment you sent to is intended to overwrite start address at 0000:HH4F To prevent from the further buffer overflow attacks apply the MSO-patch"

"Network Associates weekly report: Microsoft has identified a security vulnerability in Microsoft® IIS 4.0 and 5.0 that is eliminated by a previously-released patch. Customers who have applied that patch are already protected against the vulnerability and do not need to take additional action. Microsoft strongly urges all customers using IIS 4.0 and 5.0 who have not already done so to apply the patch immediately. Patch is also provided to subscribed list of Microsoft® Tech Support:"

"AVRIL LAVIGNE - THE BEST Avril Lavigne's popularity increases:> SO: First, Vote on TRL for I'm With U! Next, Update your pics database! Chart attack active list .>.>"

Attachment exe - one of the following 21:

  • ADialer.exe
  • ALavigne.exe
  • AvrilLavigne.exe
  • AvrilSmiles.exe
  • BioData.exe
  • CERT-Vuln-Info.exe
  • Cogito_Ergo_Sum.exe
  • Complicated.exe
  • EntradoDePer.exe
  • IAmWiThYoU.exe
  • MSO-Patch-0035.exe
  • MSO-Patch-0071.exe
  • Phantom.exe
  • Readme.exe
  • Resume.exe
  • SiamoDiTe.exe
  • Sk8erBoi.exe
  • Sophos.exe
  • Transcripts.exe
  • TrickerTape.exe
  • Two-Up-Secretly.exe

The worm may also attach a TXT, HTM, DOC or HTML file to the email from the Personal folder of the user.
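
The subject and attachment lists above for W32/Avril-A and W32/Avril-B can be turned into a mail-gateway style check. The following is an added example, not part of the original description or of the Sophos utility; the function names, the GENERIC set and the choice of subject fragments are assumptions made for illustration, and the sample messages are constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment base names (lower-cased) from the Avril-A and Avril-B lists above.
AVRIL_A = set("""avrillavigne avrilsmiles cert-vuln-info cogito_ergo_sum complicated
download iamwithyou mso-patch-0035 mso-patch-0071 readme resume singles sk8erboi
sophos transcripts two-up-secretly""".split())
AVRIL_B = (AVRIL_A - {"download", "singles"}) | set(
    "adialer alavigne biodata entradodeper phantom siamodite trickertape".split())
# Assumption: names judged too common to quarantine on without a subject match.
GENERIC = {"readme", "resume", "download", "singles", "complicated", "transcripts"}
# Fragments shared by several of the listed subject lines (a subset, not all of them).
SUBJECT_RE = re.compile(
    r"avril lavigne|reply on account for|actr/accels transcriptions", re.I)

def classify(raw: bytes) -> dict:
    """Return a verdict for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    hits = []
    for part in msg.iter_attachments():
        base, _, ext = (part.get_filename() or "").lower().rpartition(".")
        if ext == "exe" and base in AVRIL_A | AVRIL_B:
            hits.append(base)
    variants = [v for v, names in (("A", AVRIL_A), ("B", AVRIL_B))
                if any(h in names for h in hits)]
    if hits and (subject_hit or any(h not in GENERIC for h in hits)):
        verdict = "quarantine"
    elif hits:
        verdict = "review"   # generic name such as Readme.exe with an unlisted subject
    else:
        verdict = "pass"
    return {"verdict": verdict, "attachments": hits, "variants": variants}

def sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message carrying a harmless two-byte attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, name in [("Re: Reply on account for IIS-Security", "MSO-Patch-0035.exe"),
                       ("Quarterly notes", "Readme.exe"),
                       ("Holiday photos", "photos.zip")]:
        print(subj, "->", classify(sample(subj, name)))
```

Because names such as Readme.exe and Resume.exe also occur in legitimate mail, the check only quarantines on them when the subject matches as well; the distinctive names are acted on alone.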

W32/Avril-B tries to update itself from the web and also tries to download a backdoor Trojan (apparently Back Orifice 2K) from the web and run it on the user's computer. At the time of this writing the corresponding URL was unavailable. The worm would download the backdoor Trojan into bo2k.exe and set the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SocketListener = bo2k.exe

W32/Avril-B drops a different version of the text file avril-ii.inf and sends the cached passwords to different email addresses.

The payload has also been changed slightly, in that the text displayed in the top left corner of the screen is now "AVRIL_LAVIGNE_LET_GO - MY_MUSE:) VOTE FOR I'm With YoU".

W32/Avril-C is a worm that spreads in local networks (see W32/Avril-A for further information) and on the internet by sending emails to email addresses gathered from DBX, MBX, WAB, HTML, EML, HTM, ASP and SHTML files. The sent email has the following characteristics:

Subject line - one of the following:

  • Fw: IREX Fields Description
  • Re: ACCELS Awards results for 2003
  • Re: Avril Fans will rock you
  • Fw: Avril Lavigne - the best
  • Re: Antique themes
  • Re: ACTR/ACCELS Transcriptions

Message text - chosen from the following three options:

"EDUCATIONAL PURPOSE Avril fans subscription I wish you the sweetest thing"

"Restricted area response team (RART) Attachment you sent to is really good :-) Well done! SMTP session error #450: service not ready"

"

Resolve for W32/Avril 1.04

runs on: Windows All
file size: 78 KB
filename: avrilgui.com
main category: Antivirus
