W32/Tutiam.A is a memory-resident worm. It infects Windows systems and spreads through email and Internet Relay Chat (IRC).
The infected email carries a spoofed 'From' address picked at random from the infected system.
The subject of the infected mail will be one of the following:
<Blank>
Message from:
Nachricht von
Re:
Sweetheart ;)
The body of the infected mail will be one of the following:
Adios Amigos! Also, schreib mir was du denkst... Archiv Bis denne.. Byea... Check_it_out_now Creating a homepage is so much fun! Cya.. Datei Deine_Datei DeinFile Der Hammer :D... Du solltest auch ne Homepage machen ;) Eine Homepage zu machen ist echt fun! Funny stuff :] check it! Funny stuff in the archive, i luv it ;D FunnyStuff Gimme feedback what you think about my homepage! Gut heh? ;D Gute page, oder?! Ich arbeite weiter dran... Guten Tag h0t_shit Hab eine einfache Homepage erstellt Hab ne website gebastelt :) Hallo Have a nice day!! Hehe, die Bilder im Archiv gefallen mir so richtig gut ;)) Hello Here is your file... Hey Dude! Hey Kumpel!! Heya, Heya... Hi, how are you, Hier is ja deine Datei... Hoy Hoy ;) I build a website ;) I create a simple homepage!!! I played a little bit, and look what i have made: I've made a homepage! Just some pictures, but i keep on working ;) I've made a website... Ich hab eine Webseite erstellt! Sind zwar nur ein paar Bilder, aber ich arbeite dran ;) Ich hab mal ein bisschen gebastelt, und schau was draus geworden ist: Ich hab ne Webseite gemacht... Ich sag nur Anhang :] Ja Man! Meine persoehnliche Website!!!!! Let's do more stuff for my homepage ;D... Look at my first homepage! Man sieht sich! Much fun with my page! Na... was los? Nerv mal nich so, schau dir den Anhang an! Next time.. Nice heh!?!? ;D Nice page, or not?! I keep on working... No words, just look at it, hrhr. Noch nich viel aber... Not much but... Sag mir was du von meiner allerersten Homepage haelst! Schau dir das einfach mal an, da wird man doch crazy, oder??? Schau dir meine erste Homepage an! Schau_es_dir_an So, answer what you think... So, ich bastel jetzt noch ne Runde weiter... The file you asked for is attached!! Tschau Viel Spass noch mit der Page! Was geht... Was geht?! Whassup... Whats up?! Yeah man! My personal website!!! You should create a website too ;) YourFile
Upon execution, the worm copies itself as strangler.exe, Tamiami.vbs, Tamiami.wrd and tamver.sys in the Windows folder. It also copies index.htm and Pictures.exe to the Windows\tamweb folder.
The worm modifies the registry at the following location to load itself during each startup.
It then joins a specific chatroom. While in the chatroom, the worm sends a private message to all users containing a link to the Web site from which a copy of the worm may be downloaded.
The worm also searches the infected system for files with the extensions .zip and .rar.
If it finds any, it adds a copy of itself to those archives that are not password protected.
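A triage sketch for the file and archive behaviour described above, added here as an example and not taken from the vendor's product: it reports the dropped file names under a given Windows folder and lists unencrypted executable members in .zip archives for manual review. The function names, the `windir` and `root` parameters and the `EXEC_EXTS` extension list are assumptions; .rar archives are not covered because the Python standard library cannot read them.

```python
import os
import sys
import zipfile

# File names from the write-up above; matched case-insensitively as on Windows.
DROPPED_IN_WINDIR = {"strangler.exe", "tamiami.vbs", "tamiami.wrd", "tamver.sys"}
DROPPED_IN_TAMWEB = {"index.htm", "pictures.exe"}
# Assumption: the page does not name the copy placed in archives, so any
# executable-type member of an unencrypted archive is reported for review.
EXEC_EXTS = (".exe", ".vbs", ".scr", ".com", ".pif")

def find_dropped_files(windir):
    """Return sorted paths of the worm's dropped files found under windir."""
    hits = []
    for name in os.listdir(windir):
        path = os.path.join(windir, name)
        if os.path.isfile(path) and name.lower() in DROPPED_IN_WINDIR:
            hits.append(path)
        elif os.path.isdir(path) and name.lower() == "tamweb":
            hits += [os.path.join(path, f) for f in os.listdir(path)
                     if f.lower() in DROPPED_IN_TAMWEB]
    return sorted(hits)

def suspicious_zip_members(root):
    """Map each readable .zip under root to its unencrypted executable members."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".zip"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as zf:
                    members = [i.filename for i in zf.infolist()
                               if not i.flag_bits & 0x1  # bit 0 set = encrypted
                               and i.filename.lower().endswith(EXEC_EXTS)]
            except (zipfile.BadZipFile, OSError):
                continue  # corrupt or unreadable archive: skip, keep sweeping
            if members:
                report[path] = members
    return report

if __name__ == "__main__":
    windir, root = sys.argv[1], sys.argv[2]
    for hit in find_dropped_files(windir):
        print("dropped file:", hit)
    for archive, members in suspicious_zip_members(root).items():
        print("review archive:", archive, members)
```

An executable inside an archive is not proof of infection; the second function only narrows down which archives to scan or inspect.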
Proland Software is the developer of the Protector Plus range of antivirus software packages. Protector Plus 2009 is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.
The Protector Plus range of antivirus products offers on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.
Protector Plus antivirus software can detect and remove the W32/Tutiam.A worm reliably.
These products are updated on a continuous basis, and the latest upgrades for all the platforms are made available for downloading from this site.