Du brauchst Hilfe? Frage die Community oder wende dich an einen Experten.
Zu Avira Answers
Alias:
Type:Worm 
Size:36.864 Bytes 
Origin: 
Date:12-05-2000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Medium 

DistributionThe Internet worm tries to send itself over Outlook to all addresses in the Address Book. The email's structure:

Subject: A great Shockwave flash movie
Body: Check out this new flash movie that I downloaded just now ... It's Great Bye Attachment: CREATIVE.EXE

Technical DetailsWhen activated, this Internet worm creates the following copies of itself:

C:\CREATIVE.EXE
C:\%WinDIR%\TEMP\CREATIVE.EXE C:\%WinDIR%\STARTMEN\PROGRAMME\AUTOSTART\CREATIVE.EXE

It creates the file 'MESSAGEFORU.TXT' directly on drive C:\, which contains the following message from the author:

?Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin?

The following list contains the files created on drive C:\ and their paths:

C:\%WinDIR%\JAVA\Packages\NBDRZ1F5.ZIP
C:\%WinDIR%\JAVA\Packages\FPR9ZNXF.ZIP
C:\%WinDIR%\JAVA\Packages\CAIYR7FT.ZIP
C:\%WinDIR%\JAVA\Packages\6BVDF1NF.ZIP
C:\%WinDIR%\JAVA\Packages\FP7HFDR9.ZIP
C:\%WinDIR%\JAVA\Packages\LVVBBDJP.ZIP
C:\%WinDIR%\JAVA\Packages\E86LVJNP.ZIP
C:\%WinDIR%\JAVA\Packages\PNRDJDFD.ZIP
C:\%WinDIR%\JAVA\Packages\Q27FD3BL.ZIP
C:\Program Files\Common Files\Microsoft Shared\Stationery\Balloon Party Invitation Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Grphflt\MS.JPG
C:\Program Files\WinZip\EXAMPLE.ZIP
C:\Program Files\Microsoft Office\Templates\Access\100.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAY.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAYST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MC.JPG
C:\Program Files\Microsoft Office\Templates\Access\MCST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MSACCESS.JPG
C:\Program Files\Microsoft Office\Templates\Access\SKY.JPG
C:\Program Files\Microsoft Office\Templates\Access\STONES.JPG
C:\Program Files\Microsoft Office\Templates\Access\TILES.JPG
C:\Program Files\Microsoft Office\Templates\Access\ZIGZAG.JPG?

These Java scripts are not damaged or infected with the virus, therefore they can be easily deleted.
Die Beschreibung wurde erstellt von Crony Walker am Dienstag, 15. Juni 2004

zurück . . . .