Precisa de ajuda? Peça à comunidade ou contrate um perito.
Acesse a Avira Answers
Alias:
Type:Worm 
Size:36.864 Bytes 
Origin: 
Date:12-05-2000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Medium 

DistributionThe Internet worm tries to send itself over Outlook to all addresses in the Address Book. The email's structure:

Subject: A great Shockwave flash movie
Body: Check out this new flash movie that I downloaded just now ... It's Great Bye Attachment: CREATIVE.EXE

Technical DetailsWhen activated, this Internet worm creates the following copies of itself:

C:\CREATIVE.EXE
C:\%WinDIR%\TEMP\CREATIVE.EXE C:\%WinDIR%\STARTMEN\PROGRAMME\AUTOSTART\CREATIVE.EXE

It creates the file 'MESSAGEFORU.TXT' directly on drive C:\, which contains the following message from the author:

?Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin?

The following list contains the files created on drive C:\ and their paths:

C:\%WinDIR%\JAVA\Packages\NBDRZ1F5.ZIP
C:\%WinDIR%\JAVA\Packages\FPR9ZNXF.ZIP
C:\%WinDIR%\JAVA\Packages\CAIYR7FT.ZIP
C:\%WinDIR%\JAVA\Packages\6BVDF1NF.ZIP
C:\%WinDIR%\JAVA\Packages\FP7HFDR9.ZIP
C:\%WinDIR%\JAVA\Packages\LVVBBDJP.ZIP
C:\%WinDIR%\JAVA\Packages\E86LVJNP.ZIP
C:\%WinDIR%\JAVA\Packages\PNRDJDFD.ZIP
C:\%WinDIR%\JAVA\Packages\Q27FD3BL.ZIP
C:\Program Files\Common Files\Microsoft Shared\Stationery\Balloon Party Invitation Bkgrd.jpg
C:\Program Files\Common Files\Microsoft Shared\Grphflt\MS.JPG
C:\Program Files\WinZip\EXAMPLE.ZIP
C:\Program Files\Microsoft Office\Templates\Access\100.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAY.JPG
C:\Program Files\Microsoft Office\Templates\Access\GRAYST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MC.JPG
C:\Program Files\Microsoft Office\Templates\Access\MCST.JPG
C:\Program Files\Microsoft Office\Templates\Access\MSACCESS.JPG
C:\Program Files\Microsoft Office\Templates\Access\SKY.JPG
C:\Program Files\Microsoft Office\Templates\Access\STONES.JPG
C:\Program Files\Microsoft Office\Templates\Access\TILES.JPG
C:\Program Files\Microsoft Office\Templates\Access\ZIGZAG.JPG?

These Java scripts are not damaged or infected with the virus, therefore they can be easily deleted.
Descrição enviada por Crony Walker em terça-feira, 15 de junho de 2004

Voltar . . . .
https:// Esta janela é criptografada para sua segurança.