Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Sent by email
The worm searches for email addresses on the local drives, in files with extensions:
Then, the worm spreads by email, sending itself to the addresses it found. The email Subject and Body are empty. The Attachment is a copy of the worm, named game.exe.
It avoids to send emails to addresses containing:
When run, the worm copies itself in %SystemDIR%\syinfo.exe and makes the following registry entry, to be activated by the next system start:
Then it makes the entry:
The worm also opens TCP Port 4751, so files can be downloaded and run. Then it tries to run the file Dredr.exe, if found on the infected computer. The worm tries to announce the infection further to a webserver.If the worm meets a 2005 system date or a later date, it terminates immediately all its procedures and makes no entry.
Description inserted by Crony Walker on Tuesday, June 15, 2004