Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
Size:228.872 Bytes 
Damage:Sent by email. 
VDF Version: 

DistributionWorm/Cervivec is a massmailer with an 228.872 Bytes .EXE file. It sends itself by email using ICQ contacts list. Its emails are expressed in various languages:

"Cau posilam ti cerviky tak se na to podivej (virus to neni)"

Email2: "Cau posielam ti cerviky tak sa na to pozri (virus to neni)"

Email3: "Hallo, Ich habe ein guter Witz-Wurm so sieh! (kein virus)"

Email4: "Hi, I have some cool joke - worms so have a look at it (no virus)"

Email5: "J'ai une bonne blague ca s'appelle verre de terre alors jette un coup d'oeil (il n'y a pas de virusi)"

Email6: "Czesc, mam swietnz dowci te mando los gusanilloes. Pues mirarlos (no es un virus)"

Email7: "Hola te mando los gusanilloes. Puesmirarlos (no es un virus)"

Attachment: Ntknrl.exe

Technical DetailsIf the attachment is opened, the worm is insatlled in Windows system directory as "ntkrnl.exe" and enters the following autorun registry key:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]Kernel Loader=C:\WINDOWS\system32\ntkrnl.exe -LOADDRIVERS=TRUE
Then, a window is displayed, with an OK button.
The final payload is an invasion of many coloured worms on your desktop.
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .