Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:I-Worm.Fizzer, W32/Fizzer.dll, W95/Fizzer.Keylogger, W32.HLLW.Fizzer
Size:241,664 Bytes 
Damage:Sent by email, Backdoor component, Keylogger. 
VDF Version:  

DistributionThe worm collects email addresses from Windows Address Book, cookie files, Internet temporary files and from personal folders.
The email sent by the worm has the following structure:

I thought this was interesting...
rather psychedelic...
found this on the net, you might like it...
Damn it feels good to be gangsta.
The way I feel - Remy Shand
Paradigm Shift
Know Thyself
I love you
Please discard if you don't like or agree with our present leadership...
little popup remover
B cannot remember
an interesting program...
You might not appreciate this...
I think you might find this amusing...
check this out... hehehe
see you tomorrow.
how are you?
you need to lose weight.
kind of simple, but fun nonetheless.
check it out.
Ist das nicht lustig? ;)
Das Wetter ist gut.
Gut geschlafen?
erstmal unter die dusche ..
Og.. :)
Wer ist hier das Schaf?
Morgen uggi ;))
moin uk-world
hierzu kann ich nur anmerken das fix nen Bettnässer ist
huhu Camper ;))
Sandy es freut mich sehr, daß du heut so gut drauf bist ;)
da kannst ja gleich einen kuchen auch noch backen ;D
ohje ;)
hmm sandy und backen ???
heidelbeerkuchen ;)
jo Camper, das kann ich auch ;)
die dich nur anschnautzen kann und sonst nix ;)

I sent this program (Sparky) from anonymous places on the net.
The way to gain a good reputation is to endeavor to be what you desire to appear.
There is only one good, knowledge, and one evil, ignorance.
Watchin' the game, having a bud.
Did you ever stop to think that viruses are good for the economy? Maybe the primary creators of the world's worst viruses are the companies that make the Anti-Virus software.
Today is a good day to die...
so, how are you?
the attachment is only for you to look at
you must not show this to anyone...
delete this as soon as you look at it...
Let me know what you think of this...
If you don't like it, just delete it.
thought I'd let you know
you don't have to if you don't want to.

Attachment: the attachment is variable and has the following extensions:

Technical DetailsWhen activated, the worm is copied into:

It creates the following files:
%WinDIR%\ProgOp.exe (15,360 Bytes).
%WinDIR%\iservc.dll (7,680 Bytes), represents the keylogger component of the worm.
%WinDIR%\, contains encoded email addresses, found on the infected system.

It makes the following autostart entry in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "SystemInit"="%WinDIR%\iservc.exe"

And it changes the following entry: HKEY_LOCAL_MACHINE\Software\CLASSES\txtfile\shell\open\command in: @="%WinDIR%\ProgOp.exe 0 7 '%WinDIR%\notepad.exe %1''%WinDIR%\initbak.dat''iservc.exe'

The worm tries to terminate the processes that contain the following strings:

A mutex named SparkyMutex will ensure that only one version of the worm is active in the system.
The worm tries to connect to the following IRC servers:

It infects the files from KaZaA download directory. The warm also tries to reach AOL Instant Messenger (AIM) Chatroom, using various names, for receiving hacker's instructions.
It uses a HTTP server on port 81. The worm also uses port 2018, 2019, 2020 and 2021 for backdoor functions.
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .