English
Deutsch
Francais
Español
Italian
Home
Vireninfos
W32/ProLin@mm
Suche
Home
Support
Lösungen
Produkte
Downloads
Vireninfos
Statistiken
VDF Historie
Virenkunde
Datei-Upload
Sicherheits-News
In-the-Wild-Viren
Unternehmen
Presse
Partner
Newsletter
W32/ProLin@mm - Malware
Siehe auch
Kurzfassung
Vollständig
Statistik
Wie würden Sie diese Information bewerten?
Wertlos
Hervorragend
Alias:
Type:
Worm
Size:
36.864 Bytes
Origin:
Date:
12-05-2000
Damage:
Sent by email.
VDF Version:
6.23.00.00
Danger:
Low
Distribution:
Medium
Distribution
The Internet worm tries to send itself over Outlook to all addresses in the Address Book. The email's structure:
Subject: A great Shockwave flash movie
Body: Check out this new flash movie that I downloaded just now ... It's Great Bye Attachment: CREATIVE.EXE
Technical Details
When activated, this Internet worm creates the following copies of itself:
C:\CREATIVE.EXE
C:\%WinDIR%\TEMP\CREATIVE.EXE C:\%WinDIR%\STARTMENÜ\PROGRAMME\AUTOSTART\CREATIVE.EXE
It creates the file 'MESSAGEFORU.TXT' directly on drive C:\, which contains the following message from the author:
Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin
The following list contains the files created on drive C:\ and their paths:
C:\%WinDIR%\JAVA\Packages\NBDRZ1F5.ZIP
C:\%WinDIR%\JAVA\Packages\FPR9ZNXF.ZIP
C:\%WinDIR%\JAVA\Packages\CAIYR7FT.ZIP
C:\%WinDIR%\JAVA\Packages\6BVDF1NF.ZIP
C:\%WinDIR%\JAVA\Packages\FP7HFDR9.ZIP
C:\%WinDIR%\JAVA\Packages\LVVBBDJP.ZIP
C:\%WinDIR%\JAVA\Packages\E86LVJNP.ZIP
C:\%WinDIR%\JAVA\Packages\PNRDJDFD.ZIP
C:\%WinDIR%\JAVA\Packages\Q27FD3BL.ZIP
C:\Program Files\Common Files\Microsoft Shared\Stationery\Balloon Party Invitation Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Grphflt\MS.JPG
C:\Program Files\WinZip\EXAMPLE.ZIP
C:\Program Files\Microsoft Office\Templates\Access\100.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAY.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAYST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MC.JPG
C:\Program Files\Microsoft Office\Templates\Access\MCST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MSACCESS.JPG
C:\Program Files\Microsoft Office\Templates\Access\SKY.JPG
C:\Program Files\Microsoft Office\Templates\Access\STONES.JPG
C:\Program Files\Microsoft Office\Templates\Access\TILES.JPG
C:\Program Files\Microsoft Office\Templates\Access\ZIGZAG.JPG
These Java scripts are not damaged or infected with the virus, therefore they can be easily deleted.
Kurzfassung
hier
.
Beschreibung erstellt von Crony Walker am Tue, 15 Jun 2004 14:00 (GMT+1)
»
Über Malware
»
Über Phishing
»
In-the-Wild-Viren
« zurück
Diese Seite drucken
Worm/Mytob.AT
TR/Crypt.CFI.Gen
Worm/Mytob.U
Worm/Mytob.AD
Worm/Klez.E
HEUR/PDF.Obfuscated
SPR/mIRC.Gen
TR/Crypt.UPKM.Gen
JS/Dldr.Agent.cex
TR/Dldr.Tiny.bqw
Einfach aktuelle Nachrichten von Avira bekommen, als
Erkennt und entfernt folgende Malware und ihre Varianten:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
TR/Spy.Banker.AATZ
TR/Spy.Banker.AATZ.1
TR/Spy.Banker.AATZ.2
TR/Spy.Banker.AATZ.3
Hier downloaden
Virenwarnung
auf Ihre Webseite einbinden
© 2008 Avira GmbH
Copyright
Datenschutz
Sitemap
Feedback
Impressum
FAQ
Kontakt
Diese Seite drucken
.gif)
