Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Alias:Anniv911.exe; 11september.exe
Type:Worm 
Size:26.628 Bytes 
Origin: 
Date:09-10-2002 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionThe worm tries to send itself using Outlook and the Windows Address Book (WAB). The email looks like this:

Subject: All people!!

Body: Dear ladies and gentlemen! The given letter does not contain viruses, and is not Spam. We ask you to be in earnest to this letter. As you know America and England have begun bombardment of Iraq, cause of its threat for all the world. It isn't the truth. The real reason is in money laundering and also to cover up traces after acts of terrorism September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos. In the following photo you'll see, how FBI discusses how to strike over New York to lose people as much as possible. And the document representing the super confidential agreement between CIA and Al-Qaeda is submitted to your attention. All this circus was specially played to powder brains!! You'll find out the truth. Naked truth, instead of TV showed. For your convenience, and to make letter less, all documentary materials(photos and MS Word documents) are located in one EXE file. Open it, and all materials will be installed on your computer. You will receive the freshest and classified documents automatically from our site. It isn't a virus! You can trust us absolutely. We hope, that it will open your eyes on many things occurring in this world.

Attachment: 11september.exe

Technical DetailsWorm/Chet is a massmailer. But due to a programming error, its email sending routine can not work on most of the Windows systems.

If the attachment is opened, the worm copies itself in the Windows system directory (eg C:\Windows\System\ or C:\Windows\System32\) with the name SYNCHOST1.EXE and makes the following run entry in the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]ICQ1= C:\Windows\%System%\synchost1.exe
Worm/Chet also makes a copy in C:\ named 11september.exe, which is deleted after infection.
Descrizione inserita da Crony Walker su martedì 15 giugno 2004

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.