Popular Reviews

Adware Removal

» Adware Removal

Rogueware Removal

» Rogueware Removal

Keylogger Removal

Fix PC Errors

Helpful Definitions

Learn More

» Learn More

Antispyware Reviews

Registry Cleaner Reviews

Firewall Reviews

Spam Filter Reviews

W32.Sinnaka.A@mm

Kudos:

"You guys rock. Your instructions were spot on! Thank You"
- J. Powell

"I was infected by SystemTool today. Thanks for the help on the page. I have removed it completely"
- L. Lepsře

"Your web page on Regclean was extremely helpful and very, very education. Its objectivity to was nothing short of excellent. Thank you..."
- Anthony G. Muya

"I want to express my thanks for the information on removing the browser hijacker. I took the steps you suggested and the follow-on precautions to prevent future infections... Thanks again"
- Carlos


For Information and Removal of W32.Sinnaka.A@mm

    - what is W32.Sinnaka.A@mm
    - automatic and manual removal instructions
    - personal assistance provided online or by phone to safely remove W32.Sinnaka.A@mm.

 

W32.Sinnaka.A@mm – Worming Its Way To You

The idea of having a computer worm on your system is a frightening prospect. W32.Sinnaka.A@mm is little different from other worms, and if you think you have it on your system, it's best to do something about it right away.

What Is A Computer Worm?

A computer worm is a program that has the ability to reproduce itself. Without the help of anyone else, once a worm is released, it can send itself to thousands of other computer users, becoming nearly impossible to stop.

Computer worms have lots of capabilities. They can consume bandwidth, essentially locking traffic to a halt on the information superhighway. They can also open and expose security risks on any given machine. Moreover, a worm can collect data about the computer user and delete important files.

In the case of W32.Sinnaka.A@mm, the real goal seems to be replication. It looks at your saved e-mail addresses, then sends an infected e-mail to each of the users on  your list, making sure everyone you know has W32.Sinnaka.A@mm as well.

Any version of Windows or Windows Server platform can be affected, but it's a fairly low risk worm, and removal is not difficult, but as with any computer problem, it certainly can be a hassle.

How Does  W32.Sinnaka.A@mm Work?

There are a number of things to watch for with W32.Sinnaka.A@mm. First, it makes a copy of itself as %System%lsess.exe. From there, it creates each of the following .zip files:

          * %System%lsess.zip

          * %System%credit card.zip

          * %System%edonkey 1.1.zip

          * %System%emoticons msn.zip

          * %System%hotmail passwords howto.me.zip

          * %System%lsess.zip

          * %System%norton antivirus.zip

          * %System%overnet full.zip

          * %System%windows commander.zip

          * %System%windows xp activate.zip

          * %System%winzip cracked.zip

That complete, these files will become part of your system: %System%zlib.dll, and %System$ansmtp.dll. It also adds "lsess" = "%System%lsess.exe" to each of these registry subkeys:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun

HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce

HKEY_CLASSES_ROOTtxtfileshellopencommand

That means it will run every time you start your computer. From there, it registers the SMTP (Simple Mail Tranfer Protocol) engine, and starts sending e-mails. Most of the subjects will be in the following list:


* Administration

* Bad Request

* Delivery Protection

* Delivery Server

* Encripted Mail

* Error

* Extended Mail

* Extended Mail System

* Failure

* Mail Authentification

* Mail Server

* Notify

* Protected Mail Delivery

* Protected Mail Request

* Protected Mail System

* SMTP Server

* Secure SMTP Message

* Secure delivery

* Status

* Test

* Thank you for delivery

* Thanks!

* approved

* corrected

* hello

* here

* hi

* important

* improved

* patched

* read it immediately


 

Remember that it wants an e-mail the people on your list will actually open, and most of these subject lines are cause for just that. From there, the message of the e-mail will contain one of the following:

           


* Bad Gateway: The message has been attached.

* Delivered message is attached.

* Encrypted message is available.

* ESMTP [Secure Mail System #334]: Secure message is attached.

* First part of the secure mail is available.

* Follow the instructions t  read the message.

* For further details see the attachment.

* For more details see the attachment.

* Forwarded message is available.

* New message is available.

* Now a new message is available.

 * Partial message is available. Waiting for a Response. Please read the attachment.

* Please authenticate the secure message.

* Please confirm my request.

* Please read the attachment t  get the message.

* Protected Mail System Test.

* Protected message is attached.

* Protected message is available.

* Secure Mail System Beta Test.

* SMTP: Please confirm the attached message.

* Waiting for authentification.

* You got a new message.

* You have received an extended message. Please read the instructions.

 * Your requested mail has been attached.


Again, the entire goal is to get the other person to open the message so the worm can continue to replicate, and since the mail looks like it's coming from you, many of your contacts may think it is safe to open. One of these is inevitably followed by one of these:


* Authentication required.

* I have attached your document.

* Please see the attached file for details.

* I have received your document. The corrected document is attached.

* Please confirm the document.

* Please read the attached file!

* Please read the attached file!

* Please read the document.

* Please read the important document.

* Requested file.

* See the file.

* Your details.

* Your document is attached t  this mail.

* Your document is attached.

* Your document.

* Your file is attached.


From there, this e-mail that looks like it's coming from you offers some measure of security to your contacts by saying "Attachment: No   Virus found." It even follows it up with one of these to make it look a bit more secure:

          * +++ MessageLabs AntiVirus - www.messagelabs.com

          * +++ Bitdefender AntiVirus - www.bitdefender.com

          * +++ MC-Afee AntiVirus - www.mcafee.com

          * +++ Kaspersky AntiVirus - www.kaspersky.com

          * +++ Panda AntiVirus - www.pandasoftware.com

          * ++++ Norman AntiVirus - www.norman.com

          * ++++ F-Secure AntiVirus - www.f-secure.com

          * ++++ Norton AntiVirus - www.symantec.de

 

The actual attachment to this wormy message will look like one of these:

          * data.zip

          * details.zip

          * document.zip

          * Message.zip

          * msg.zip

          * readme.zip

 

That .zip file is sure to have one of these .exe files in it.

          * Document.txt [many spaces].exe

          * Delails.doc [many spaces].exe

          * Data.txt [many spaces].exe

          * Readme.txt [many spaces].exe

 

Once opened by the recipient, the worm has won, and it gets to start the process all over again by ending one or several of the processes listed at the end of this article as soon as it's opened, thus allowing it to continue it's merry journey to the next set of recipients. There are thousands of combinations here, and the worm is counting on the stupidity of people to keep going.

How Can I Protect Myself From W32.Sinnaka.A@mm?

Protecting yourself from W32.Sinnaka.A@mm is a fairly easy process. First, keep your security patches up to date. In many cases, you can prevent a worm problem before it starts by working with security patches. Second, never open an e-mail from someone you don't know, and never open an attachment that you don't expect to get.

How Can I Remove  W32.Sinnaka.A@mm?
The best way to get rid of  W32.Sinnaka.A@mm is to use a good antispyware product like ParetoLogic. Keep your files up to date, and scan your system regularly for problems, and you will be safe from W32.Sinnaka.A@mm.

Processes W32.Sinnaka.A@mm can end:

        


       * avpmon.exe

          * avp32.exe

          * VPC32

          * zonealarm.exe

          * vshwin32.exe

          * vet95.exe

          * tbscan.exe

          * serv95.exe

          * Nspclean.exe

          * clrav.com

          * scan32.exe

          * rav7.exe

          * navw.exe

          * outpost.exe

          * nmain.exe

          * navnt.exe

          * mpftray.exe

          * lockdown2000.exe

          * avpcc.exe

          * icssuppnt.exe

          * icload95.exe

          * iamapp.exe

          * findviru.exe

          * f-agnt95.exe

          * dv95.exe

          * dv95_o.exe

          * claw95ct.exe

          * cfiaudit.exe

          * avwupd32.exe

          * avptc32.exe

          * _avp32.exe

          * avgctrl.exe

          * apvxdwin.exe

          * _avpcc.exe

          * wfindv32.exe

          * vsecomr.exe

          * tds2-nt.exe

          * sweep95.exe

          * EFINET32.EXE

          * scrscan.exe

          * safeweb.exe

          * persfw.exe

          * navsched.exe

          * nvc95.exe

          * nisum.exe

          * navlu32.exe

          * ALOGSERV

          * AMON9X

          * AVGSERV9

          * AVGW

          * avkpop

          * avkservice

          * AvkServ

          * avkwctl9

          * AVXMONITOR9X

          * AVXMONITORNT

          * AVXQUAR

          * moolive.exe

          * jed.exe

          * icsupp95.exe

          * ibmavsp.exe

          * frw.exe

          * f-stopw.exe

          * espwatch.exe

          * procexp

          * filemon.exe

          * regmon.exe

          * dvp95.exe

          * cfiadmin.exe

          * avwin95.exe

          * avpm.exe

          * avp.exe

          * ave32.exe

          * anti-trojan.exe

          * webscan.exe

          * webscanx.exe

          * tds2-98.exe

          * SymProxySvc

          * SYMTRAY

          * TAUMON

          * TCM

          * TDS-3

          * TFAK

          * vbcmserv

          * VbCons

          * VSMAIN

          * vsmon

          * WIMMUN32

          * WGFE95

          * WEBTRAP

          * WATCHDOG

          * WrAdmin

          * sphinx.exe

          * scanpm.exe

          * taskmgr

          * rescue.exe

          * pcfwallicon.exe

          * pavcl.exe

          * nupgrade.exe

          * navwnt.exe

          * navapw32.exe

          * luall.exe

          * iomon98.exe

          * icmoon.exe

          * fprot.exe

          * f-prot95.exe

          * esafe.exe

          * cleaner3.exe

          * IBMASN.EXE

          * AVXW

          * cfgWiz

          * CMGRDIAN

          * CONNECTIONMONITOR

          * CPDClnt

          * DEFWATCH

          * CTRL

          * defalert

          * defscangui

          * DOORS

          * EFPEADM

          * ETRUSTCIPE

          * EVPN

          * EXPERT

          * fameh32

          * fch32

          * fih32

          * blackice.exe

          * avsched32.exe

          * avpdos32.exe

          * avpnt.exe

          * avconsol.exe

          * ackwin32.exe

          * NWTOOL16

          * pccwin97

          * PROGRAMAUDITOR

          * POP3TRAP

          * PROCESSMONITOR

          * PORTMONITOR

          * POPROXY

          * pcscan

          * pcntmon

          * pavproxy

          * PADMIN

          * pview95

          * rapapp.exe

          * REALMON

          * RTVSCN95

          * vsstat.exe

          * vettray.exe

          * tca.exe

          * smc.exe

          * scan95.exe

          * rav7win.exe

          * gbmenu

          * pccwin98.exe

          * KPFW32.EXE

          * ADVXDWIN

          * padmin.exe

          * normist.exe

          * navw32.exe

          * n32scan.exe

          * lookout.exe

          * iface.exe

          * icloadnt.exe

          * SPYXX

          * SS3EDIT

          * SweepNet

          * iamserv.exe

          * fp-win.exe

          * f-prot.exe

          * fsmb32

          * ecengine.exe

          * cleaner.exe

          * cfind.exe

          * blackd.exe

          * RULAUNCH

          * sbserv

          * SWNETSUP

          * WrCtrl

          * avpupd.exe

          * avkserv.exe

          * autodown.exe

          * _avpm.exe

          * regedit.exe

          * msconfig.exe

          * FPROT95.EXE

          * sfc.exe

          * fsma32

          * regedt32.exe

          * offguard.exe

          * pav.exe

          * pavmail.exe

          * per.exe

          * perd.exe

          * pertsk.exe

          * perupd.exe

          * pervac.exe

          * pervacd.exe

          * th.exe

          * th32.exe

          * th32upd.exe

          * thav.exe

          * thd.exe

          * thd32.exe

          * thmail.exe

          * alertsvc.exe

          * amon.exe

          * kpf.exe

          * antivir

          * avsynmgr.exe

          * cfinet.exe

          * cfinet32.exe

          * icmon.exe

          * lockdownadvanced.exe

          * lucomserver.exe

          * mcafee

          * navapsvc.exe

          * navrunr.exe

          * nisserv.exe

          * nsched32.exe

          * pcciomon.exe

          * pccmain.exe

          * pview95.exe

          * Avnt.exe

          * Claw95cf.exe

          * Dvp95_0.exe

          * Vscan40.exe

          * Icsuppnt.exe

          * Jedi.exe

          * N32scanw.exe

          * Pavsched.exe

          * Pavw.exe

          * Avrep32.exe

          * Monitor.exe

          * fsgk32

          * fsm32

          * GBPOLL

          * GENERICS

          * GUARD

          * IAMSTATS

          * ISRV95

          * LDPROMENU

          * LDSCAN

          * LUSPT

          * MCMNHDLR

          * MCTOOL

          * MCUPDATE

          * MCVSRTE

          * MGHTML

          * MINILOG

          * MCVSSHLD

          * MCAGENT

          * MPFSERVICE

          * MWATCH

          * NeoWatchLog

          * NVSVC32

          * NWService

          * NTXconfig

          * NTVDM

          * ntrtscan

          * npssvc

          * npscheck

          * netutils

          * ndd32

          * NAVENGNAVEX15

          * notstart.exe

          * zapro.exe

          * pqremove.com

          * BullGuard

          * CCAPP.EXE

          * vet98.exe

          * VET32.EXE

          * VCONTROL.EXE

          * claw95.exe

          * ANTS

          * ATCON

          * ATUPDATER

          * ATWATCH

          * AutoTrace

          * AVGCC32

          * AvgServ

          * AVWINNT

          * fnrb32

          * fsaa

          * fsav32

          * ZAP.EXE

          * ZAPD.EXE

          * ZAPPRG.EXE

          * ZAPS.EXE

          * ZCAP.EXE

          * VPTRAY


 



Removing W32.Sinnaka.A@mm Automatically/Safely

For free automatic removal we recommend using Malwarebytes Anti-Malware. This program is widely recommended by reputable third-party sites, so you can be reasonably confident of its ability to safely get rid of W32.Sinnaka.A@mm and any hidden Trojans. As a precaution we recommend double checking your system with SpyHunter. This program requires paid registration to enable deletions, however it has a money back guaranteed and is the top of the line in malware removal. It should catch malware that evades Malwarebytes and block anything that tries to reinstal itself.

Download SpyHunter

Remove W32.Sinnaka.A@mm Now:

  1. Download and install Malwarebytes Anti-Malware and SpyHunter Download  
  2. Run a scan with Malwarebytes Anti-Malware.
  3. Remove all the detected infections (free).
  4. Run a scan with SpyHunter
  5. Remove any remaining infections
  6. Reboot and rescan with SpyHunter. Your computer should now be clean.

Important note: If Malwarebytes is blocked by malware then run Chameleon (Start Menu → All Programs → MalwareBytes' Anti-Malware → Tools → Malwarebytes' Anti-Malware Chameleon). If you need further help removing W32.Sinnaka.A@mm please email us at info@removeadware.com.au or call for personal assistance on toll-free number 888-655-3453, within the USA and Canada.


Disclaimer: This webpage was created to provide information on W32.Sinnaka.A@mm and how to uninstall it. Manual removal instructions are intended for use by technical experts and should be used at your own risk. We do not own or endorse W32.Sinnaka.A@mm.




We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

NEWS | ARTICLES | REVIEWS | CONTACTS | LINK TO US
All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.
Privacy Policy | Terms Of Service