Welcome to the Virus Encyclopedia of Panda Security.
|Alias:||Win32.HLLW.Axatak W32.HLLW.Axata W32/Axatak.worm|
|Effects: ||It steals passwords, opens two ports, leaves affected computers vulnerable and continually accesses the floppy disk drive.|
|Detection updated on:||March 20, 2003|
Axatak is a dangerous worm, as when it has infected a computer it tries to obtain the passwords of the affected computer for a series of resources.
Axatak also acts as a backdoor type Trojan, as it opens the communications ports 8050 and 8051, through which it accesses the Internet. By doing this, it also allows a hacker to gain remote access to the computer's resources. An attacker would be able to send files, open and close the CD-ROM tray, etc.
Finally, Axatak also attempts to access the floppy disk drive every five minutes.
An indication that Axatak has reached a computer is a suspicious file that has a similar icon to Windows system programs:
There are several indications that suggest that Axatak has infected a computer:
The floppy disk drive starts working every five minutes for no apparent reason.
The CD-ROM tray opens and closes for no apparent reason.
If you have a firewall program installed, it warns you several times that there is activity on ports 8050 and 8051.