¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Size:8,208 Bytes 
Damage:Sent by email 
VDF Version: 

DistributionThe worm searches for email addresses on the local drives, in files with extensions:

- .wab
- .txt
- .msg
- .htm
- .shtm
- .stm
- .xml
- .dbx
- .mbx
- .mdx
- .eml
- .nch
- .mmf
- .ods
- .cfg
- .asp
- .php
- .pl
- .wsh
- .adb
- .tbb
- .sht
- .xls
- .oft
- .uin
- .cgi
- .mht
- .dhtm
- .jsp

Then, the worm spreads by email, sending itself to the addresses it found. The email Subject and Body are empty. The Attachment is a copy of the worm, named game.exe.

It avoids to send emails to addresses containing:
- @avp
- @microsoft.

Technical DetailsWhen run, the worm copies itself in %SystemDIR%\syinfo.exe and makes the following registry entry, to be activated by the next system start:


Then it makes the entry:


The worm also opens TCP Port 4751, so files can be downloaded and run. Then it tries to run the file Dredr.exe, if found on the infected computer. The worm tries to announce the infection further to a webserver.If the worm meets a 2005 system date or a later date, it terminates immediately all its procedures and makes no entry.
Descripción insertada por Crony Walker el martes, 15 de junio de 2004

Volver . . . .