¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Alias:W32.Frethem.E@mm, I-Worm.Frethem.e, W32/Frethem, W32.Frethem.F@mm
Type:Worm 
Size:35,840 Bytes 
Origin: 
Date:00-00-0000 
Damage:Sent by email. 
VDF Version:  
Danger:Low 
Distribution:High 

DistributionThe worm collects email addresses from Windows Address Book and files of type .dbx. The email sent bu the worm looks like this:

Subject: Re: Your password!

Body: ATTENTION! You can access very important information by this password DO NOT save password to disk use your mind now press cancel

Attachment:
Decrypt-password.exe
Password.txt

Decrypt-password.exe is a 35 kB worm copy, packed with UPX and PE.
Password.txt is a non-viral 93 Bytes file.

Technical DetailsWhen activated, the worm gets information about the SMTP server, email addresses and SMTP server name from the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001\SMTP Server HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001\SMTP Email Address HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts\00000001\SMTP Display Name

The mutex "IEXPLORE_MUTEX_AABBCCDDEEFF" allows only one active version of the worm on the same computer.

After some hours, the worm copies itself in:
C:\Windows\All Users\Start Menu\Programs\Startup\Setup.exe
to ensure automatic start.
Descripción insertada por Crony Walker el martes, 15 de junio de 2004

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.