WORM_RONTOKBRO.B
Overview

Malware type: Worm

Aliases: Email-Worm.Win32.Brontok.a (Kaspersky), W32.Rontokbro.B@mm (Symantec), Worm/Brontok.A.41 (Avira), W32/Brontok-B (Sophos)

In the wild: Yes

Destructive: Yes

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: High

Description: 

This memory-resident worm propagates by sending a copy of itself as an attachment to email messages.

The attached copy of this worm uses the Microsoft folder icon to trick users into opening it, effectively executing this worm. It also opens a Windows Explorer window in an attempt to hide its process.

It then drops several copies of itself in different folders using varying file names. On affected systems running Windows 2000, XP, and Server 2003, it drops copies of itself in a hardcoded path under the User Profile folder and also creates a folder in that path.

This worm may restart the affected system when it finds a window with the strings ".EXE" and "REGISTRY" in the title bar.

It overwrites AUTOEXEC.BAT, which is found in C:\. This routine causes affected systems running Windows 95, 98, and ME to pause during startup. The user is then required to press any key for Windows to start.

It also modifies certain registry entries, effectively removing the Folder Options item from all Windows Explorer menus and from Control Panel. As a result, affected users cannot use the Folder Options dialog box. This worm also disables Registry Tools.
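
For triage, the two registry effects described above can be checked offline against a registry export. This is an added example, not part of the original description: the value names NoFolderOptions and DisableRegistryTools are the standard Windows policy settings that produce these effects (the page does not name the entries the worm writes, so treating them as the indicators is an assumption), and the function name and sample export are constructed.

```python
import re

# Policy values that produce the two effects described above.
# Assumption: the page does not name the values the worm writes; these are the
# standard Windows Explorer/System policy settings with those effects.
WATCHED = {
    (r"\software\microsoft\windows\currentversion\policies\explorer",
     "nofolderoptions"): "Folder Options hidden",
    (r"\software\microsoft\windows\currentversion\policies\system",
     "disableregistrytools"): "Registry editing tools disabled",
}

KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def find_policy_tampering(reg_text):
    """Return (key, value name, data, meaning) for each watched value set non-zero."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" in a .reg file means the key is deleted: nothing to flag
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD_RE.match(line)
        if not m or key is None:
            continue
        name, data = m.group(1), int(m.group(2), 16)
        for (suffix, watched), meaning in WATCHED.items():
            # suffix match covers HKCU, HKLM and HKEY_USERS\<SID> alike
            if key.lower().endswith(suffix) and name.lower() == watched and data:
                findings.append((key, name, data, meaning))
    return findings

# Constructed sample in .reg export format (real exports are UTF-16; decode first)
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000
"""

if __name__ == "__main__":
    for key, name, data, meaning in find_policy_tampering(SAMPLE_EXPORT):
        print(f"{meaning}: {key}\\{name} = {data}")
```

A hit only shows that the policy is set; administrators can set the same values deliberately, so a finding should be correlated with the other behaviours listed here before attributing it to this worm.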


Description created: Sep. 28, 2005 1:05:50 PM GMT -0800
