Alias:Worm/Readme
Type:Worm 
Size:24.576 Bytes 
Origin: 
Date:09-06-2001 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:Low 

DistributionIt sends itself by email using Microsoft Outlook. The email sent by the worm has the following structure:
Subject: As per your request!
Body: Please find attached file for your review I lokk forward to hear form your again very soon. Thank you.
Attachment: README.EXE

Technical DetailsW32/Apost is an Internet worm, programmed in Visual Basic 6. If the worm is activated, a window appears indicating a false WinZip error message. When the user clicks on "Aceptar" button, the worm sends itself by email, using Microsoft Outlook Address Book. After sending emails, another window appears.
The worm creates copies of itself in Windows directory and in root directories of the local drives (C:\; D:\; ...) as README.EXE, which has the standard Visual Basic 6 application icon.
The worm makes the following registry entry:
HKCU\Software\Microsoft\Windows\Current Version\Run\macrosoft = %Windows%\Readme.exe
說明撰寫者 Crony Walker 開啟 2004年6月15日星期二

返回 . . . .

© 2013 Avira Operations GmbH & Co. KG. 保留所有權利.

我的帳戶

https:// 為了你的安全,此視窗已加密。