VBS_MERLIN.C
Overview

Malware type: VBScript

Aliases: Email-Worm.VBS.Merlin (Kaspersky), VBS/Generic@MM (McAfee), VBS.Merlin.C@mm (Symantec), VBS/Crypter.B (Avira), Virus:VBS/Merlin.C@mm.gen (Microsoft)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows

Encrypted: No

Overall risk rating:


Description:
This destructive, polymorphic Visual Basic Script (VBS) virus propagates via email using Microsoft Outlook, over the Gnutella network, and through mIRC. It infects files or copies itself to local and network drives.

Upon first execution, it creates 10,000 randomly named directories in the root directory of drive C:\. In each directory it creates a text file with the same name as the directory. The file contains the following message:

Empty spaces - what are we waiting for
Abandoned places - I guess we know the score
Does anybody know what we are looking for
Inside my heart is breaking
My make-up may be flaking
But my smile still stays on
Whatever happens I'll leave it all to chance
Does anybody know what we are living for
Outside the dawn is breaking
But inside in the dark I'm aching to be free
My soul is painted like the wings of butterflies
Memories of yesterday will grow but never die
I can fly - my friends
I have to find the will to carry on
cause the show must go on - I love you, eva!

It then deletes the REGEDIT.EXE file and attempts to download and execute a file named CIH.EXE from http://fws.freewebspace.com.

Three days after it has installed itself, it disables the Windows Desktop using the registry and then overwrites the AUTOEXEC.BAT file with instructions to format hard drive C:\ at the next boot. It also deletes the USER.DAT and SYSTEM.DAT files and then restarts Windows.
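
A triage check for the directory flood described above, added here as an example and not taken from the original description or any vendor tool: it sweeps a drive root for directories whose only entry is a file named after the directory, and confirms each hit against the first line of the dropped message. The function names, the tolerance for any file extension, and the threshold of 1,000 are assumptions.

```python
import tempfile
from pathlib import Path

# First line of the message quoted in the description above.
MARKER = b"Empty spaces - what are we waiting for"

def name_matched_dirs(root):
    """Return {dir_name: has_marker} for directories directly under root whose
    only entry is a file named like the directory (any extension: assumption)."""
    hits = {}
    for entry in Path(root).iterdir():
        if entry.is_symlink() or not entry.is_dir():
            continue
        try:
            children = list(entry.iterdir())
        except OSError:  # unreadable directory: skip it, keep sweeping
            continue
        if len(children) != 1 or not children[0].is_file():
            continue
        child = children[0]
        if entry.name.lower() not in (child.name.lower(), child.stem.lower()):
            continue
        try:
            with child.open("rb") as fh:
                head = fh.read(4096)  # the message sits at the start of the file
        except OSError:
            head = b""
        hits[entry.name] = MARKER in head
    return hits

def is_directory_flood(root, threshold=1000):
    """True when at least `threshold` matched directories carry the marker."""
    return sum(name_matched_dirs(root).values()) >= threshold

def build_sample(root, count):
    """Constructed test data: `count` flood-style directories and a benign one."""
    root = Path(root)
    for i in range(count):
        d = root / f"rnd{i:05d}"
        d.mkdir()
        (d / f"{d.name}.txt").write_bytes(MARKER + b"\n")
    (root / "Projects").mkdir()
    (root / "Projects" / "notes.txt").write_bytes(b"benign\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, 25)
        print(len(name_matched_dirs(tmp)), is_directory_flood(tmp, threshold=20))
```

Directories that match by name but lack the marker are reported with `False`, so they can be reviewed separately without counting toward the flood threshold.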


Description created: Aug. 20, 2001 12:30:00 PM GMT -0800
Description updated: Aug. 28, 2001 9:20:00 AM GMT -0800
