Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
I-Worm.Bradex, PE_BRID.A, W32/Brid.A@MM
Sent by email.
Sends itself to all email addresses and infected .EXE, .SCR and .OCX files, using the virus W32/Funlove.
The email looks like this:
Product Name: %Product Name%
Product Id: %Product ID%
Product Key: %Product Key%
Process List: ExploreWClass Exploring - _Virus IOWATCHPOLL IOMEGA WATCH Thank you.
%Product Name% is the version of Windows operating system (eg Microsoft Windows98)
%Product ID% the identification number (eg.: 12345-123-1234567-12345)
%Product Key% is the key of the product(eg.: AA1AA-AA1AA-AA1AA-AA1AA-AA1AA )
Worm/Bride.A spreads by email and works with another known virus. If the email is received on a system using Microsoft Outlook, it can occur that, by other versions, the virus is self-activated using a security hole in Microsoft Outlook (IFRAME).
Microsoft offers a patch for this security hole, on the following website:
If another email program is used on the system or if the email attachment is manually opened, the worm makes two copies of itself:
It also creates a file named %WinDir%\desktop\Email.eml, a MIME encoded file, which is sent to all entries in the Address Book.
%WinDir% is usually C:\Windows\
%SystemDir% is usually C:\Windows\System\
The worm also contains the packed virus W32/Funlove. This is copied in system directory as Bride.exe and immediately activated. It infects .EXE, .SCR and .OCX files. For automatic start, the worm makes the following registry entry:
The worm does not work on Windows 2000 and Windows XP.
Description inserted by Crony Walker on Tuesday, June 15, 2004