Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Alias:I-Worm.Bradex, PE_BRID.A, W32/Brid.A@MM
Size:114.687 Bytes 
Damage:Sent by email. 
VDF Version: 

DistributionSends itself to all email addresses and infected .EXE, .SCR and .OCX files, using the virus W32/Funlove.
The email looks like this:

Body: Hello,
Product Name: %Product Name%
Product Id: %Product ID%
Product Key: %Product Key%
Process List: ExploreWClass Exploring - _Virus IOWATCHPOLL IOMEGA WATCH Thank you.

Attachment: Readme.exe

%Product Name% is the version of Windows operating system (eg Microsoft Windows98)
%Product ID% the identification number (eg.: 12345-123-1234567-12345)
%Product Key% is the key of the product(eg.: AA1AA-AA1AA-AA1AA-AA1AA-AA1AA )

Technical DetailsWorm/Bride.A spreads by email and works with another known virus. If the email is received on a system using Microsoft Outlook, it can occur that, by other versions, the virus is self-activated using a security hole in Microsoft Outlook (IFRAME).
Microsoft offers a patch for this security hole, on the following website:
www.microsoft.com/technet/treeview/default.asp?url= /technet/security/bulletin/MS01-020.asp

If another email program is used on the system or if the email attachment is manually opened, the worm makes two copies of itself:
It also creates a file named %WinDir%\desktop\Email.eml, a MIME encoded file, which is sent to all entries in the Address Book.

%WinDir% is usually C:\Windows\
%SystemDir% is usually C:\Windows\System\

The worm also contains the packed virus W32/Funlove. This is copied in system directory as Bride.exe and immediately activated. It infects .EXE, .SCR and .OCX files. For automatic start, the worm makes the following registry entry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "regedit"="C:\\%WINDIR%\\%SYSTEMDIR%\\regedit.exe"

The worm does not work on Windows 2000 and Windows XP.
Descrizione inserita da Crony Walker su martedì 15 giugno 2004

Indietro . . . .