This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
Worm.Explore.Zip, Zipped Files, Troj.Explore.Zip
Spreads using Outlook, Exchange or NetScape Mail
The email structure:
Subject: re:[subject of the un-answered message]
Body: Hi [Name of recipient] ! I received your Email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye or sincerely [Name of the sender]
When the infected attachment is opened, an error message appears on the screen.
The virus is already active and "at work". It copies itself as "Explore.exe" or "setup.exe" in System directory: %windir%\%SystemDir% (usually c:\windows\system) on Windows 9x, or %windir%\%SystemDir% (usually c:\winnt\system32) on Windows NT.
Then, it modifies WIN.INI on Windows9x, or the registry on Windows NT. Thus, the virus is activated by every system start-up. The worm can also reply to incoming emails.
It uses two "killer threads". One of them "processes" the emails, the other "empties" the files with extension: .doc, .c, .cpp, .h, .asm, .xls, .ppt. It empties the files using the Windows function "CreateFile" with 0 Byte. These "shrunk" files can not be restored, because the content is "lost". To "empty" the files, a strong harddisk activity is needed. The virus also "empties" files from mapped drives all the way to "Z:" drive ("WnetEnumResource"). The virus payload is active as long as the virus itself is in memory.
Description inserted by Crony Walker on Tuesday, June 15, 2004
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type