I-Worm.Serotin, W32/[email protected], [email protected], Win32.Benny.32768, Win32/[email protected], PE_SEROTON.A, Worm/Serotin, Win32:Serotin, I-Worm/Serotin, [email protected]
Category: Computer Worm
Asia, North and South America, and some parts of Europe and Australia
28 Jan 2003
The [email protected] is an Internet worm. Worm Serotin, also known as Seron, spreads via email.
The [email protected] application is an Internet worm. A worm is a computer program designed to spread across computer networks: it uses the network to send copies of itself to other computers. Worm applications do not infect files, but they may include one or more threats that lead to computer security compromise and information theft. An unsuspecting user typically installs a worm by unintentionally opening an e-mail attachment or message that contains executable scripts. Once installed, the worm replicates itself on the user's system until it takes up all the available memory on the infected computer. This results in system slowdown and may even cause the computer to crash. A worm application may also affect the hard disk, which restricts the user from saving or creating new files.
When [email protected] runs, it terminates all the processes with strings such as firewall, dr. web, spider, kasper, nod32, virus, guard, anti, avp, amon, avg, rav, and avx. [email protected] searches for and tries to infect all the MSIL executable files on drive C. It also sends itself to all the email addresses that it locates in the Internet Explorer cache folder and the Windows address book. The email is encoded in UTF-7 format, and the “from address” is [email protected]. The email has VB scripts that add the registry value “Serotin”. [email protected] eliminates this registry value after the worm runs for the first time.
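
A mail-gateway style check for the UTF-7 and VB script detail above, as an added example that is not part of the original page or any vendor's tooling. The marker strings, the function name `utf7_script_parts` and both sample messages are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumption: substrings that indicate script content once a body is decoded.
SCRIPT_MARKERS = ("<script", "vbscript")
UTF7_NAMES = ("utf-7", "unicode-1-1-utf-7")

def utf7_script_parts(raw_bytes):
    """Return (content_type, markers) for each UTF-7 part that decodes to script."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        charset = (part.get_content_charset() or "").lower()
        if charset not in UTF7_NAMES:
            continue  # only parts that declare UTF-7 are of interest here
        payload = part.get_payload(decode=True) or b""
        # Decode before matching: "<" is written "+ADw-" in UTF-7, so a
        # filter that matches on the raw bytes never sees "<script".
        text = payload.decode("utf-7", errors="replace").lower()
        hits = [m for m in SCRIPT_MARKERS if m in text]
        if hits:
            findings.append((part.get_content_type(), hits))
    return findings

# Constructed sample: HTML part declared as UTF-7 with an empty script block.
SUSPECT = (
    b"From: sender@example.invalid\r\n"
    b"To: user@example.invalid\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/html; charset="utf-7"\r\n'
    b"Content-Transfer-Encoding: 7bit\r\n\r\n"
    b"+ADw-script language=vbscript+AD4-\r\n"
    b"' constructed placeholder, no payload\r\n"
    b"+ADw-/script+AD4-\r\n"
)

# Constructed sample: ordinary UTF-8 text that only mentions the word.
BENIGN = (
    b"From: sender@example.invalid\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: text/plain; charset="utf-8"\r\n\r\n'
    b"Notes on vbscript handling in mail clients.\r\n"
)

if __name__ == "__main__":
    print(utf7_script_parts(SUSPECT))
    print(utf7_script_parts(BENIGN))
```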