Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Alias:VBS/Gorum.a
Type:Worm 
Size:
Origin: 
Date:05-31-2000 
Damage:Sent by email. 
VDF Version:6.20.00.00 
Danger:Medium 
Distribution:Medium 

DistributionThe worm sends itself to all addresses found in Outlook. If Outlook 2000 is installed, the virus sends the following email:

Subject:
You know what it is. ;-P

Body:
Check it out!

Attachment name- formed out of the following text strings:


links
cool
funny
anti-loveletter
guorm
pot
win2k
icq2k
money
funnypic.jpg
quake
Year2K
Mirc2K
Word2001
FunStuff
WindowsMe


extensions:

.vbs
.vbe
.txt.vbs
.jpg.vbs
.avi.vbs
.scr.vbs

Technical DetailsThe VB script multiplies itself as winuser.dll and user32.dll.vbs in Windows system directory.
The virus also ensures that the script is run by every system start. The registry entry for this is:

user32=wscript.exe
%Windows-System-Verzeichnis%\user32.dll.vbs % HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Then the virus checks if it has been sent by email using Outlook Address Book. This is marked in the registry:

HKCU\software\Guorm, bookmark mailed.

Then the virus scans all drives for mIRC program. In the directories containing the files

mirc.ini
mirc32.exe
mlink32.exe

it replaces and/or creates the file script.ini.
This only happens if the scanning has not been performed before (the bookmark Mirqued in the registry key HKCU\software\Guorm does not exist). Using this ini file, the virus sends itself through IRC.

Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.