You're in: Panda Security > Home Users > security-info > about-malware > encyclopedia > overview
Active Scan. Scan your PC free
Download Cloud Antivirus Gratis

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Atnas.A

Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Atnas.A carries out the following actions:

  • It attempts to launch distributed denial of service attacks (DDoS) against the following websites:
    www.fliife.de
    www.fr
    ad.de
    www.muens.de
    www.siroes.com
    www10.fliife.de
  • The first time it is run, the following message is displayed:

  • The next times it is run, it displays a text file with the following message:

             .oo.
            HHHHHb.
           /`HHHHHHb    LOOK GUYS SANTA BASTARDS
           > `dHHHHH
          /  dHHHHHHb    TIGHT BITCH !!!!! SHE WANTS A
          :  HHHHHHHH
         .-""FHHHHHHH     REALLY HARD FUCK MAN !!!!!!!!!!
         |   JHHHHHHH
         J    FHHHHHHb
        + \   JHHHHHHH     C H R I S T M A S  V I R U S
      .'   \   FHHHHHH+_    (C) 2006 GERMANY
      `. ;  \   \HHHHF "+
        `|  _>   \HHF+_  \
         F_+"   .'J   |  j
        J+"   .': F   |  j
      _+"  _+'  : +_  |  F         Let it snow...
     %" .-'       . =.F j             Let it snow...
    |  ;I          \  =./                 Let it snow...
    |  (`-.......___+___L
     ```='"""""==_  "_.--'
         |        `./   J
         |        +' .' |
         F       J      |
         F      JF      F
        J       F|pigNukem

Infection strategy 

Atnas.A creates the following files:

  • SND32_WIN.EXE, SP32DLL.EXE, SP32SERVICE.EXE, WIN_I38.EXE, WINCBF.EXE, WINDLL.EXE, WINLIB32.EXE, in the Windows system directory. These files are copies of the worm.
  • REGEDIT.EXE, in the Windows directory. This file is also a copy of itself.
  • WHANDLE.DLL, in the Windows system directory.
  • SANTAS.BITCH.TXT, in the Windows system directory.
  • ERR.MSG, in the Windows directory.

Atnas.A creates the folder FUCK_U_MAN in the C: drive with the local drives B:, I:, J:, K:, X:, Y:, Z:.

 

Additionally, it uses the following strategy:

  • It makes a list of the active processes started by the user.
  • It ends them.
  • It renames the original executable files to the extension R.
  • It makes copies of itself with the names of the original files.
  • When the user runs any of those files, the worm is run and then, the original file with extension R, in order to go unnoticed.

On the other hand, it replaces the files, belonging to several security and P2P programs, of the following directories with a copy of itself:
C:\Kazaa.exe
C:\Programme\Antivir PersonalEdtion Classic\avcenter.exe
C:\Programme\Antivir PersonalEdtion Classic\avgnt.exe
C:\Programme\Antivir PersonalEdtion Classic\preupd.exe
C:\Programme\BitTorrent\bittorrent.exe
C:\Programme\BitTorrent\maketorrent.exe
C:\Programme\BitTorrent\uninstall.exe
C:\Programme\eMule\emule.exe
C:\Programme\LimeWire\ uninstall.exe
C:\Programme\LimeWire\LimeWire.exe
C:\Programme\Norton Antivirus\BootWarn.exe
C:\Programme\Norton Antivirus\ccIMScan.exe
C:\Programme\Norton Antivirus\Navap32.dll
C:\Programme\Norton Antivirus\navapsvc.exe
C:\Programme\Norton Antivirus\NAVAPW32.exe
C:\Programme\Norton Antivirus\NAVStub.exe
C:\Programme\Norton Antivirus\Navw32.exe
C:\Programme\Norton Antivirus\OPScan.exe
C:\Programme\Norton Antivirus\qconsole.exe
C:\Programme\Norton Antivirus\SAVScan.exe
C:\Programme\Norton AntivirusNavwnt.exe
C:\Programme\Spybot - Search & Destroy\blindman.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Spybot - Search & Destroy\Update.exe
C:\Programme\Zone Labs\ZoneAlarm\alert.zap
C:\Programme\Zone Labs\ZoneAlarm\d.exe
C:\Programme\Zone Labs\ZoneAlarm\filter.zap
C:\Programme\Zone Labs\ZoneAlarm\multiscan.exe
C:\Programme\Zone Labs\ZoneAlarm\programs.zap
C:\Programme\Zone Labs\ZoneAlarm\scan.zap
C:\Programme\Zone Labs\ZoneAlarm\zatutor.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
D:\InstallShield\Kazaa\kazaa.exe

Then, it replaces the extension of the original files with another one, and runs them in order to go unnoticed. This way, when the user runs any of these files, no anomaly will be noticed.
As the name of the directory does not depend on the language of the operating system, this action is limited to German operating systems.

 

Atnas.A creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Microsoft DLL Library = %sysdir%\winlib32.exe /reg

    where %sysdir% is the Windows system directory.
  • HKEY_CURRENT_USER \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Windows Sound Emulator = %sysdir%\snd32_win.exe /snd
  • HKEY_CURRENT_USER \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Graphics adapter service = %sysdir%\windll.exe /w
  • HKEY_CURRENT_USER \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Santa Bastards Bitch = %sysdir%\SANTAS.BITCH.txt
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Microsoft Libary Service = %sysdir%\winlib32.exe /reg
  • HKEY_LOCAL_MACHINE \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Windows Sound Device = %sysdir%\snd32_win.exe /snd
  • HKEY_LOCAL_MACHINE \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Graphics adapter service = %sysdir%\windll.exe /w

    By creating these entries, Atnas.A ensures that it is run whenever Windows is started.
  • HKEY_LOCAL_MACHINE \ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    Santa Bastards Bitch = %sysdir%\SANTAS.BITCH.txt

Means of transmission 

Atnas.A spreads through peer-to-peer (P2P) file sharing programs. In order to do so, it follows the routine below:

  • Atnas.A creates copies of itself in the shared directories belonging to several P2P programs, such as eMule under the following names:
    1234567890
    321 Studios GamesXCopy 1.0.8 Crack.exe.

    A
    Ad-aware Pro Crack.exe, Adobe Acrobat Reader crack.exe, Adobe Golive v6.0 Keygen.exe, Adobe Illustrator v10.0 Time Limit Crack.exe, Adobe ImageReady v1.0 crack.exe, Adobe PageMaker v7.0 Keygen.exe, Adobe Photoshop 7 Crack.exe, Adobe Photoshop 7 Cracked.exe, Adobe Photoshop 7 Keygen.exe, Adobe Photoshop 7 Setup.exe, Adobe Photoshop 7.exe, Adobe Photoshop all.exe, Adobe Serial Generator v2.0.exe, Age of Empires II The Age of Kings NO CD crack.exe, Age Of Mythology - The Titans no cd crack.exe, Age Of Mythology no cd crack.exe, Aim Hacker.exe, Aim Password Cracker.exe, Alias Acclaim crack.exe, All Macromedia Products Keygen.exe, Anti-Trojan 4.0.exe, Aol Hacker.exe, Aol Password Cracker.exe, ArtMoney SE v7.05.exe, Artys Flash Ripper Cracked.exe, Avant Browser.exe.

    B
    Backyard Baseball 2003 no cd crack.exe, Backyard Wrestling 2 - There Goes the Neighborhood Eidos Interactive rack.exe, Battlefield 1942 no cd crack.exe, Battlefield Vietnam EA Games crack.exe, Battlefield Vietnam Multiplayer Online Crack.exe, Besieger Strategy DreamCatcher Interactive crack.exe, Blinx 2 - Masters of Time & Space Microsoft crack.exe, Blitzkrieg - Burning Horizon Strategy CDV Software GmbH crack.exe, Britney Spears Dance Beat.exe.

    C
    Call of Duty Activision crack.exe, Call Of Duty no cd crack.exe, Cheat Engine 5.0.exe, City of Heroes Role-Playing NCsoft crack.exe, Civilization III crack.exe, Classic NES Series - The Legend of Zelda GBA Role-Playing Nintendo crack.exe, CloneDVD v1.x crack.exe, Command & Conquer - Generals no cd crack.exe, Command & Conquer - Generals Zero Hour no cd crack.exe, Command & Conquer - Generals Zero Hour Strategy EA Games crack.exe, Counter-Strike Condition Zero Keygen.exe, Credit card generator.exe, Crusader Kings Strategy Paradox Entertainment crack.exe, Cubase Audio XT 3.X crack.exe.

    D
    Dark Age Of Camelot - Trials Of Atlantis no cd crack.exe, Dark Matter - The Baryon Proj crack.exe, Deus Ex Invisible War NO CD Crack.exe, Diablo 2 NO CD crack.exe, DivX Player and Codec.exe, Doom 3 Activision crack.exe, DOOM 3 Crack.exe, DOOM 3 Hacks.exe, DOOM 3 Hackz.exe, Doom 3 NO CD Crack.exe, DOOM 3.exe, Download Accelerator Plus.exe, Dragon Ball Z - Budokai 3 Atari crack.exe, Dragon Ball Z - Supersonic Warriors GBA Atari crack.exe, Dragon Warrior VIII Role-Playing Square Enix crack.exe, DRIV3R Atari crack.exe, Dungeon Lords Role-Playing DreamCatcher Interactive crack.exe, Dungeon Siege no cd crack.exe, DVD Burner.exe, DVD Copy.exe, DVD Ripper Gold.exe, DVD Ripper.exe.

    E
    Email Bomber.exe, Email Extractor.exe, Email Spider by Zim.exe, eMule 0.44b.exe, eMule.exe, Enter the Matrix Atari crack.exe, ESPN NFL 2K5 Sega crack.exe, Exe Icon Changer 3.753.exe.

    F
    F.E.A.R. VU Games crack.exe, Fable Role-Playing Microsoft crack.exe, Far Cry Ubisoft crack.exe, Final Fantasy VII - Advent Children PSP Role-Playing Square Enix crack.exe, Final Fantasy XI - Square Enix USA no cd crack.exe, Final Fantasy XII Role-Playing Square Enix crack.exe, Fire Emblem - Seima no Kouseki GBA Role-Playing Nintendo crack.exe, Flash Golf.exe, Flash MX Keygen.exe, Flash Ripper.exe, FlashFXP 2 RC2 Crack.exe, FlashFXP v1.4.1 Crack.exe, FlashFXP v1.4.3 Crack.exe, FlashFXP v2.0 Crack.exe, FlashFXP v2.1 crack.exe, FlashFXP v2.2 crack.exe, FlashGet.exe, Forgotten Realms - Demon Stone Atari crack.exe, Free Mpegs.exe, Free Pics.exe, FREE PORN!.exe, Freedom Force no cd crack.exe, Front Mission 4 Strategy Square Enix crack.exe, Full Spectrum Warrior Strategy THQ crack.exe.

    G
    GameCube Emulator by zim.exe, GameCube Emulator.exe, Gamecube Rom Extractor.exe, GameHack.exe, Gatehound.exe, Geist GC Nintendo crack.exe, Goblin Commander - Unleash the Horde Strategy Jaleco Entertainment crack.exe, Gran Turismo 4 SCEA crack.exe, Grand Theft Auto - San Andreas Rockstar Games crack.exe, Grand Theft Auto 3 no cd crack.exe, Grand Theft Auto III no cd crack.exe, Grand Theft Auto San Andreas NO CD crack.exe, Grand Theft Auto Vice City NO CD crack.exe, GTA crack.exe, Gunbound Aimbot Pro Gold 1.4 by Zim.exe, Gunbound Aimbot.exe, Gunbound Cracker.exe, Gunbound Exploitz 1.3 by zim.exe, Gunbound Hacker Pro 1.1.exe, GunboundWC Aimbot 3.1 by D4rk.exe, GunboundWC Aimbot Gold.exe, GunboundWC Aimbot Pro.exe, GunboundWC Avatar Hack.exe, GunboundWC Free Avatar!.exe, GunboundWC Free Avatar.exe, GunboundWC FREE GOLD!.exe, GunboundWC Free Gold.exe, GunboundWC Gold Hack.exe, GunboundWC Hacker.exe, GunboundWC Hacks.exe, GunboundWC Hackz.exe, Gunz Online 999999 Bounty.exe, Gunz Online Bounty Hack.exe, Gunz Online Cracker.exe, Gunz Online Exploitz - By Zim.exe, Gunz Online God mode.exe, Gunz Online Hacker Pro 1.2 - By DarkExploitz.exe, Gunz Online Hacks.exe, Gunz Online Hackz.exe, GunzInternational_20050706.exe.

    H
    Hack32.exe, Half-Life 2 Keygen.exe, Half-Life 2 NO CD Crack.exe, Half-Life 2 VU Games crack.exe, Halo - Combat Evolved - Microsoft no cd crack.exe, Halo 2 Crack.exe, Halo 2 Hacks.exe, Halo 2 Hackz.exe, Halo 2 Setup.exe, Harry Potter & The Sorcerers Stone no cd crack.exe, Harry Potter and the Prisoner of Azkaban Adventure EA Games crack.exe, Harry Potter and the Sorcerers Stone no cd crack.exe, Heroes of Might & Magic IV no cd crack.exe, Hidden & Dangerous 2 NO CD Crack.exe, Hotmail Cracker.exe, Hotmail Hacker.exe.

    I
    Icewind Dale 2 no cd crack.exe, ICQ 4.exe, ICQ Pro 2003b.exe, iMesh patch.exe, Irc Client.exe.

    J
    J.Lo Bikini Screensaver.exe, Jedi Academy NO CD Crack.exe, Joint Operations - Typhoon Rising NovaLogic crack.exe, Juiced Acclaim crack.exe.

    K
    Kingdom Hearts II Role-Playing Square Enix crack.exe, Knights Apprentice Memoricks Adventures Games crack.exe.

    L
    lifefuxor.exe, Limewire Pro Crack.exe, LimeWire server scanner.exe, line Cracked.exe.

    M
    Macromedia ColdFusion MX crack.exe, Macromedia Contribute v2.0 crack.exe, Macromedia Director 8 Crack.exe, Macromedia Dreamweaver 4.0 Patch.exe, Macromedia Dreamweaver MX v6.0 crack.exe, Macromedia Dreamweaver UltraDev 4.0 Patch.exe, Macromedia Fireworks 4.0 Patch.exe, Macromedia Flash All Versions keygen.exe, Macromedia Flash MX v6.0 crack.exe, Macromedia Flash SWF-Unprotect v2.0.exe, Macromedia FreeHand v10 Loader.exe, Macromedia Keygen.exe, Madden NFL 2003 no cd crack.exe, Madden NFL 2005 EA crack.exe, Mafia no cd crack.exe, Malice Mud Duck Productions crack.exe, Mario Pinball Land GBA Puzzle Nintendo crack.exe, Mario Tennis GC Nintendo crack.exe, Mass Emailer.exe, Mass Mailer - by ceo.exe, Matrix Screensaver.exe, Max Payne 2 Fall Of Max Payne no cd crack.exe, Max Payne 2 NO CD Crack.exe, McFarlanes Evil Prophecy Konami crack.exe, Medal Of Honor - Allied Assault BreakThrough no cd crack.exe, Medal Of Honor - Allied Assault no cd crack.exe, Medal of Honor Pacific Assault EA Games crack.exe, Medieval - Total War no cd crack.exe, Mega Man Anniversary Collection GC Capcom crack.exe, Metal Gear Acid PSP Strategy Konami crack.exe, Metal Gear Solid 3 - Snake Eater Konami crack.exe, Microsoft Flight Simulator 2004 - A Century Of Flight no cd crack.exe, Microsoft Office 2000 Regmaker.exe, Microsoft Office XP Activation Crack.exe, Microsoft Office XP Activation Killer.exe, Microsoft Office XP Professional Crack.exe, Microsoft Office XP Professional Serial.exe, Microsoft Office XP Universal Activator v1.0.exe, Midnight Club 3 - DUB Edition Rockstar Games crack.exe, mirc 6.1x reg entries.exe, mIRC 6.X crack.exe, Morpheus patch.exe, MS Office XP Activation Crack.exe, MS Zoo Tycoon no cd crack.exe, MSN advert remover.exe, MSN Toolbar advert remover.exe, MVP Baseball 2004 EA crack.exe.

    N
    NAV 2005 Crack.exe, NBA Live 2003 crack.exe, NBA Live 2004 crack.exe, NCAA Football 2005 EA crack.exe, Need For Speed 5 - no cd.exe, Need for Speed Hot Pursuit 2 CD KeyGenerator.exe, Need for speed underground - nocd.exe, Need for Speed Underground 2 crack.exe, Need for Speed Underground 2 Electronic Arts crack.exe, Need for Speed Underground 2 NO CD crack.exe, Need for Speed Underground NO CD crack.exe, Need for Speed4 - NOCD.exe, Nero Burning ROM v6.x crack.exe, Ninja Gaiden Tecmo crack.exe, Nortan Anti Virus 2005 Crack.exe, Nuker Pro 1.3.exe, Nuker.exe.

    O
    Onimusha 3 - Demon Siege Adventure Capcom crack.exe.

    P
    Play Games Online For FREE.exe, PortFUCK.exe, Portscanner by Jez.exe, Poser 5.exe, Poser 6 Crack.exe, Poser 6.exe, ProRat Gold.exe, PS2 Emulator by Zim.exe, PS2 Emulator.exe, PS2 Rom Extractor.exe, Psi-Ops - The Mindgate Conspiracy Midway crack.exe, Purge Jihad Freeform Interactive LLC crack.exe.

    Q
    Qauke.exe, Quake Arena Crack.exe, Quake Arena Keygen.exe, Quake Arena.exe.

    R
    RealPlayer crack.exe, Red Dead Revolver Rockstar Games crack.exe, Resident Evil 4 GC Adventure Capcom crack.exe, Rise of Nations - Thrones & Patriots Strategy Microsoft crack.exe, RoboForm crack.exe, Roller Coaster Tycoon no cd crack.exe, Roxio Easy CD Creator 5 Crack.exe, Runescape Cracker.exe, Runescape Hacker Pro 3.1.exe, Runescape Hackz.exe, Runescape Money Hack.exe, RYL crack.exe.

    S
    Second Life Role-Playing Linden Lab crack.exe, Shadow Ops - Red Mercury Atari crack.exe, ShellShock - Nam 67 Eidos Interactive crack.exe, Silent Storm - Sentinels Strategy _No Company crack.exe, Sim City 4 - Rush Hour no cd crack.exe, Sim City 4 Deluxe no cd crack.exe, Sim Theme Park World no cd crack.exe, Snood crack.exe, Snowblind Eidos Interactive crack.exe, Soldier of Fortune II- Double Helix no cd crack.exe, SolSuite 2004 - Solitaire Card Games Suite crack.exe, Sonic the Hedgehog 3 crack.exe, Spider-Man 2 Activision crack.exe, Spider-Man 2 GC Activision crack.exe, Sponge Bob Square Pants - Operation Krabby Patty no cd crack.exe, Spybot Search and Destroy.exe, Spyware Doctor Crack.exe, Star Wars - Jedi Knight - Jedi Academy no cd crack.exe, Star Wars - Knights of the Old Republic Role-Playing LucasArts crack.exe, Star Wars Galactic Battlegrounds- Clone Campaigns no cd crack.exe, Star Wars Jedi Knight II - Jedi Outcast no cd crack.exe, Starcraft - Battlechest no cd crack.exe.

    T
    The Chronicles of Riddick - Escape From Butcher Bay VU Games crack.exe, The Legend of Zelda - Four Swords Adventures GC Nintendo crack.exe, The Legend of Zelda - The Minish Cap GBA Nintendo crack.exe, The Lord of the Rings The Return of The King crack.exe, The Matrix On, The Matrix Online Crack.exe, The Matrix Online.exe, The Sims - Hot Date Expansion Pack no cd crack.exe, The Sims - Makin Magic Expansion Pack no cd crack.exe, The Sims - Superstar Expansion Pack no cd crack.exe, The Sims - Unleashed Expansion Pack no cd crack.exe, The Sims - Vacation Expansion Pack no cd crack.exe, The Sims 2 crack.exe, The Sims Deluxe no cd crack.exe, The Sims Double Deluxe no cd crack.exe, The Sims Game Crack.exe, The Sims no cd crack.exe, The Suffering Encore Software Inc. crack.exe, The Suffering Midway crack.exe, Thief - Deadly Shadows Eidos Interactive crack.exe, Tiger Woods PGA Tour 2004 crack.exe, Tom Clancys Ghost Recon - Desert Siege no cd crack.exe, Tony Hawks Underground crack.exe, Trillian crasher.exe, TSearch (Undetectable).exe.

    U
    Universal Game Crack.exe, Unreal Tournament 2003 no cd crack.exe.

    V
    Vampire - The Masquerade - Bloodlines Role-Playing Activision crack.exe.

    W
    Warcraft 3 Battle.net Crack.exe, Warcraft III - Reign Of Chaos no cd crack.exe, Warez P2P.exe, Webclaw 8 by Seven.exe, Webroot Spy Sweeper.exe, Website Hacker.exe, Website Nuker by Techo.exe, Win An Xbox.exe, Windows Hacker.exe, windows server 2003 crack.exe, Windows XP home edition Activation.exe, Winmx.exe, Winrar.exe, WinZip 9.0 Crack by Genta.exe, WinZip All Versions keygen.exe, Winzip keygen.exe, WinZip Self-Extractor v2.2 Patch.exe, WinZip v8.0 Keygen.exe, WinZip v8.x - v9.x patch.exe, WinZIP v9.0 Keygen.exe, Working Iso Burner.exe, World of Warcraft Role-Playing Blizzard Entertainment crack.exe, Worms Armageddon NO CD crack.exe, WWE Day of Reckoning GC THQ crack.exe, WWE SmackDown! vs. Raw THQ crack.exe.

    X
    XBOX Emulator by zim.exe, XBOX Emulator.exe, XBOX Rom Extractor.exe, XBOX X-Fer Ripper and Transfer.exe, XXX PORN FREE!!!.exe.

    Y
    Yoshinoya Success crack.exe.
    Z
    ZoneAlarm crack.exe, Zoo Tycoon - Complete Collection no cd crack.exe, Zoo Tycoon- Dinosaur Digs no cd crack.exe, Zoo Tycoon no cd crack.exe.
  • Other users of these programs can remotely access these shared directories. This way, they voluntarily download these files to their computers, thinking that they are useful computer programs. However, they will actually download a copy of the worm to their computers.
  • When the downloaded file is run, such computers will be affected by Atnas.A.

Further Details  

Atnas.A is written in the programming language Delphi. This worm is 203,765 bytes in size.