Need help? Ask the community or hire an expert.
Go to Avira Answers
Size:228.872 Bytes 
Damage:Sent by email. 
VDF Version: 

DistributionWorm/Cervivec is a massmailer with an 228.872 Bytes .EXE file. It sends itself by email using ICQ contacts list. Its emails are expressed in various languages:

"Cau posilam ti cerviky tak se na to podivej (virus to neni)"

Email2: "Cau posielam ti cerviky tak sa na to pozri (virus to neni)"

Email3: "Hallo, Ich habe ein guter Witz-Wurm so sieh! (kein virus)"

Email4: "Hi, I have some cool joke - worms so have a look at it (no virus)"

Email5: "J'ai une bonne blague ca s'appelle verre de terre alors jette un coup d'oeil (il n'y a pas de virusi)"

Email6: "Czesc, mam swietnz dowci te mando los gusanilloes. Pues mirarlos (no es un virus)"

Email7: "Hola te mando los gusanilloes. Puesmirarlos (no es un virus)"

Attachment: Ntknrl.exe

Technical DetailsIf the attachment is opened, the worm is insatlled in Windows system directory as "ntkrnl.exe" and enters the following autorun registry key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]Kernel Loader=C:\WINDOWS\system32\ntkrnl.exe -LOADDRIVERS=TRUE
Then, a window is displayed, with an OK button.
The final payload is an invasion of many coloured worms on your desktop.
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .