Category: Computer Worm
Some parts of Asia, Europe, North and South America, Africa and Australia
14 Jan 2008
Characteristics: [email protected]
is a mass-mailing worm that propagates via executable or removable drives and through messages sent to other mIRC users. It first appeared on January 14, 2008. It mainly affects Windows 2000, 95, 98, Me, NT, Server 2003, Vista and XP.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The mass-mailing worm [email protected]
sends emails to all addresses listed in the Microsoft Outlook address book and lowers the computer’s security settings. It modifies mIRC files to be able to send messages to other users who share the same connection. The worm is installed by copying and overwriting itself to several files. Then, the worm creates for about ten System registry entries and deletes several subkeys in the registry. Some registry entries are modified by the worm including the disability of the Windows Registry Editor, Task Manager and the command shell as well as the changes of the registered owner and/or organization of the computer. After several performance, the worm will copy itself as %SystemDrive%\[FOLDER NAME].exe in the local drives. Afterwards, it sends emails to all connected mIRC users.
Like the other worms that propagate inside the computer, [email protected]
can be manually removed. The System Restore should be modified by disabling it. Any virus definitions must be well checked and updated. After doing these, restart the computer. Next, run a full system scan to identify the values added to the System registry entries and keys that are detected as [email protected]
Delete all values added by clicking the Start button and go to Run then type the following: regedit. Proceed by navigating some entries to be deleted. Restore the system registry subkeys that were deleted when the worm was installed.