Virus Type: Mass mailing worms
Affected OS: Win95/98/Me/2000/XP
Size: can be 29 149 byte, 24 576 byte, 40 480 byte, 44 544 byte, 50 688 byte, 34 568 byte, 37 888 byte, 88 640 byte
Packed by: can be packed by UPX, FSG
.adb
.asp
.dbx
.htm
.php
.sht
.tbb
.txt
.wab
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
SVRHOST.EXE
taskgmgr.exe
ZONALM2601
ZATUTOR
ZAPSETUP3001
ZAPRO
XPF202EN
WYVERNWORKSFIREWALL
WUPDT
WUPDATER
WSBGATE
WRCTRL
WRADMIN
WNT
WNAD
WKUFIND
WINUPDATE
WINTSK32
WINSTART001
WINSTART
WINSSK32
WINSERVN
WINRECON
WINPPR32
WINNET
WINMAIN
WINLOGIN
WININITX
WININIT
WININETD
WINDOWS
WINDOW
WIN-BUGSFIX
WINACTIVE
WIN32US
WIN32
WIMMUN32
WHOSWATCHINGME
WGFE95
WFINDV32
WEBTRAP
WEBSCANX
WEBDAV
WATCHDOG
W9X
W32DSM89
VSWINPERSE
VSWINNTSE
VSWIN9XE
VSSTAT
VSMON
VSMAIN
VSISETUP
VSHWIN32
VSECOMR
VSCHED
VSCENU6.02D30
VSCAN40
VPTRAY
VPFW30S
VPC42
VPC32
VNPC3000
VNLAN300
VIRUSMDPERSONALFIREWALL
VIR-HELP
VFSETUP
VETTRAY
VET95
VET32
VCSETUP
VBWINNTW
VBWIN9X
VBUST
VBCONS
VBCMSERV
UTPOST
UPGRAD
UPDATE
UPDAT
UNDOBOOT
TVTMD
TVMD
TSADBOT
TROJANTRAP3
TRJSETUP
TRJSCAN
TRICKLER
TRACERT
TITANINXP
TITANIN
TGBOB
TFAK5
TFAK
TEEKIDS
TDS-3
TDS2-NT
TDS2-98
TCM
TCA
TC
TBSCAN
TAUMON
TASKMON
TASKMO
TASKMG
SYSUPD
SYSTEM32
SYSTEM
SYSEDIT
SYMTRAY
SYMPROXYSVC
SWEEPNET.SWEEPSRV.SYS.SWNETSUP
SWEEP95
SVSHOST
SVCHOSTS
SVCHOSTC
SVC
SUPPORTER5
SUPPORT
SUPFTRL
STCLOADER
START
ST2
SSGRATE
SSG_4104
SS3EDIT
SRNG
SREXE
SPYXX
SPOOLSV32
SPOOLCV
SPOLER
SPHINX
SPF
SPERM
SOFI
SOAP
SMSS32
SMS
SMC
SHOWBEHIND
SHN
SHELLSPYINSTALL
SH
SGSSFW32
SFC
SETUPVAMEEVAL
SETUP_FLOWPROTECTOR_US
SERVLCES
SERVLCE
SERVICE
SERV95
SD
SCVHOST
SCRSVR
SCRSCAN
SCANPM
SCAN95
SCAN32
SCAM32
SC
SBSERV
SAVENOW
SAVE
SAHAGENT
SAFEWEB
RUXDLL32
RUNDLL16
RUNDLL
RUN32DLL
RULAUNCH
RTVSCN95
RTVSCAN
RSHELL
RRGUARD
RESCUE32
RESCUE
REGEDT32
REGEDIT
REGED
REALMON
RCSYNC
RB32
RAY
RAV8WIN32ENG
RAV7WIN
RAV7
RAPAPP
QSERVER
QCONSOLE
PVIEW95
PUSSY
PURGE
PSPF
PROTECTX
PROPORT
PROGRAMAUDITOR
PROCEXPLORERV1.0
PROCESSMONITOR
PROCDUMP
PRMVR
PRMT
PRIZESURFER
PPVSTOP
PPTBC
PPINUPDT
POWERSCAN
PORTMONITOR
PORTDETECTIVE
POPSCAN
POPROXY
POP3TRAP
PLATIN
PINGSCAN
PGMONITR
PFWADMIN
PF2
PERSWF
PERSFW
PERISCOPE PENIS
PDSETUP
PCSCAN
PCIP10117_0
PCFWALLICON
PCDSETUP
PCCWIN98
PCCWIN97
PCCNTMON
PCCIOMON
PCC2K_76_1436
PCC2002S902
PAVW
PAVSCHED
PAVPROXY
PAVCL
PATCH
PANIXK
PADMIN
OUTPOSTPROINSTALL
OUTPOSTINSTALL
OUTPOST
OTFIX
OSTRONET
OPTIMIZE
ONSRVR
OLLYDBG
NWTOOL16
NWSERVICE
NWINST4
NVSVC32
NVC95
NVARCH16
NUPGRADE
NUI
NTXconfig
NTVDM
NTRTSCAN
NT
NSUPDATE
NSTASK32
NSSYS32
NSCHED32
NPSSVC
NPSCHECK
NPROTECT
NPFMESSENGER
NPF40_TW_98_NT_ME_2K
NOTSTART
NORTON_INTERNET_SECU_3.0_407
NORMIST
NOD32
NMAIN
NISUM
NISSERV
NETUTILS
NETSTAT
NETSPYHUNTER-1.2
NETSCANPRO
NETMON
NETINFO
NETD32
NETARMOR
NEOWATCHLOG
NEOMONITOR
NDD32
NCINST4
NC2000
NAVWNT
NAVW32
NAVSTUB
NAVNT
NAVLU32
NAVENGNAVEX15.NAVLU32
NAVDX
NAVAPW32
NAVAPSVC
NAVAP.NAVAPSVC
NAV
N32SCANW
MWATCH
MU0311AD
MSVXD
MSSYS
MSSMMC32
MSMSGRI32
MSMGT
MSLAUGH
MSINFO32
MSIEXEC16
MSDOS
MSDM
MSCONFIG
MSCMAN
MSCCN32
MSCACHE
MSBLAST
MSBB
MSAPP
MRFLUX
MPFTRAY
MPFSERVICE
MPFAGENT
MOSTAT
MOOLIVE
MONITOR
MMOD
MINILOG
MGUI
MGHTML
MGAVRTE
MGAVRTCL
MFWENG3.02D30
MFW2EN
MFIN32
MD
MCVSSHLD
MCVSRTE
MCUPDATE
MCTOOL
MCSHIELD
MCMNHDLR
MCAGENT
MAPISVC32
LUSPT
LUINIT
LUCOMSERVER
LUAU
LUALL
LSETUP
LORDPE
LOOKOUT
LOCKDOWN2000
LOCKDOWN
LOCALNET
LOADER
LNETINFO
LDSCAN
LDPROMENU
LDPRO
LDNETMON
LAUNCHER
KILLPROCESSSETUP161
KERNEL32
KERIO-WRP-421-EN-WIN
KERIO-WRL-421-EN-WIN
KERIO-PF-213-EN-WIN
KEENVALUE
KAZZA
KAVPF
KAVPERS40ENG
KAVLITE40ENG
JEDI
JDBGMRG
JAMMER
ISTSVC
ISRV95
ISASS
IRIS
IPARMOR
IOMON98
INTREN
INTDEL
INIT
INFWIN
INFUS
INETLNFO
IFW2000
IFACE
IEXPLORER
IEDRIVER
IEDLL
IDLE
ICSUPPNT
ICSUPP95
ICMON
ICLOADNT
ICLOAD95
IBMAVSP
IBMASN
IAMSTATS
IAMSERV
IAMAPP
HXIUL
HXDL
HWPE
HTPATCH
HTLOG
HOTPATCH
HOTACTIO
HIJACKTHIS
HBSRV
HBINST
HACKTRACERSETUP
GUARDDOG
GUARD
GMT
GENERICS
GBPOLL
GBMENU
GATOR
F-STOPW
FSMB32
FSMA32
FSM32
FSGK32
FSAV95
FSAV530WTBYB
FSAV530STBYB
FSAV32
FSAV
FSAA
FRW FP-WIN_TRIAL
FP-WIN
F-PROT95
F-PROT
FPROT
FNRB32
FLOWPROTECTOR
FIREWALL
FINDVIRU
FIH32
FCH32
FAST
FAMEH32
F-AGOBOT
F-AGNT95
EXPLORE
EXPERT
EXE.AVXW
EXANTIVIRUS-CNET
EVPN
ETRUSTCIPE
ETHEREAL
ESPWATCH
ESCANV95
ESCANHNT
ESCANH95
ESAFE
ENT
EMSW
EFPEADM
ECENGINE
DVP95_0
DVP95
DSSAGENT
DRWEBUPW
DRWEB32
DRWATSON
DPPS2
DPFSETUP
DPF
DOORS
DLLREG
DLLCACHE
DIVX
DEPUTY
DEFWATCH
DEFSCANGUI
DEFALERT
DCOMX
DATEMANAGER
CWNTDWMO
CWNB181
CV
CTRL
CPFNT206
CPF9X206
CPD
CONNECTIONMONITOR
CMON016
CMGRDIAN
CMESYS
CMD32
CLICK
CLEANPC
CLEANER3
CLEANER
CLEAN
CLAW95CF
Claw95
CFINET32
CFINET
CFIAUDIT
CFIADMIN
CFGWIZ
CFD
CDP
CCSETMGR
CCPXYSVC
CCEVTMGR
CCAPP
BVT
BUNDLE
BS120
BRASIL
BPC
BORG2
BOOTWARN
BOOTCONF
BLSS
BLACKICE
BLACKD
BISP
BIPCPEVALSETUP
BIPCP
BIDSERVER
BIDEF
BELT
BEAGLE
BD_PROFESSIONAL
BARGAINS
BACKWEB
AVXQUAR
AVXMONITORNT
AVXMONITOR9X
AVWUPSRV
AVWUPD32
AVWUPD
AVWINNT
AVWIN95
AVSYNMGR
AVSCHED32
AVPUPD
AVPTC32
AVPM
AVPDOS32
AVPCC
AVP32
AVP
AVNT
AVLTMAIN
AVKWCTl9
AVKSERVICE
AVKSERV
AVKPOP
AVGW
AVGUARD
AVGSERV9
AVGSERV
AVGNT
AVGCTRL
AVGCC32
AVE32
AVCONSOL
AUTOUPDATE
AUTOTRACE
AUTO-PROTECT.NAV80TRY
AUTODOWN
AUPDATE
AU
ATWATCH
ATRO55EN
ATGUARD
ATCON
ARR
APVXDWIN
APLICA32
APIMONITOR
ANTS
ANTIVIRUS
ANTI-TROJAN
AMON9X
ALOGSERV
ALEVIR
ALERTSVC
AGENTW
AGENTSVR
ADVXDWIN
ADAWARE
ACKWIN32
_AVPM
_AVPCC
_AVP32
DRVDDLL
otto
penny
marie
freddy
elvin
anthony
zidane
connie
lenny
vivian
walter
stephen
brovac
hanson
carey
joshua
linda
julie
jimmy
jerry
helen
lissy
claudia
humm
anna
alice
stella
adam
harry
fred
jack
bill
stan
smith
steve
matt
dave
ronnie
joe
jane
bob
robert
peter
tom
chang
mary
william
brian
jim
maria
dolly
jose
steven
sam
george
david
kevin
mike
james
michael
alex
john
niky
hanmail.net
k.ro
dcemail.com
brain.com.pk
arabia.com
mail.ee
student.be
mail.com.fr
email.it
mail.gr
online.ie
freemail.nl
email.ro
hotpop.com
yook.de
lovemail.com
usa.com
21cn.com
163.com
yahoo.co.uk
lycos.com
mailcity.com
sina.com
hotmail.com
yahoo.com
msn.com
aol.com
juno.com
fbi.gov
cia.gov
accoun
acketst
admin
anyone
arin.
avp
bugs
ca
certific
contact
example
feste
fido
foo.
fsf.
gnu
gold-certs
help
info
linux
listserv
me
no
nobody
noone
not
nothing
ntivi
page
postmaster
privacy
rating
root
samples
service
site
soft
somebody
someone
submit
support
the.bat
unix
webmaster
you
your
and also if domain name contains such substrings:
.gov
.mil
arin.
berkeley
borlan
bsd
example
fido
foo.
fsf.
gnu
gov.
iana
ibm.com
icrosof
icrosoft
ietf
inpris
isc.o
isi.e
kernel
linux
math
mit.e
mozilla
mydomai
nodomai
panda
pgp
rfc-ed
ripe.
ruslis
secur
sendmail
sopho
symav
tanford.e
unix
usenet
utgers.ed
www
mx.
mail.
smtp.
mx1.
mxs.
mail1.
relay.
ns.
gate.
----------
If you want to see this video please open this URL with your favorite media player such as WinAmp or Windows Media Player. [сслыка на видео] If there is fail please download it from your email attachment.
Don't get wrong anymore!Hope the files is right!
Sorry, I'm late yesterday. But please read the file first!
I really need your help!
Here it is my response. Please reply back if got an idea.
Hope this is not a wrong file as you told me.
The previous file i have sended to you before are not correct. So, this is the correct file.
Have you read the file in the attachment?
If you found this email with an attachment please refer to the email attachment in order to read the sender email.
You have received this email with an email attachment. Please refer to your email attachment if you want to read the message.
Because of our services are not configured properly. We have converted your message as an attachment. Please download the file to read. Please note that your message has been converted to an attachment. Please refer to the attachment in order to read the file.
----------
+++ Attachment: No Virus found
+++ Attachment: No Virus found
+++ Attachment: No Infection found
+++ Attachment: No Infection found
Norton AntiVirus - www.symantec.com
Norton AntiVirus - www.symantec.com
F-Secure AntiVirus - www.f-secure.com
F-Secure AntiVirus - www.f-secure.com
Norman AntiVirus - www.norman.com
Norman AntiVirus - www.norman.com
Panda AntiVirus - www.pandasoftware.com
Panda AntiVirus - www.pandasoftware.com
Kaspersky AntiVirus - www.kaspersky.com
Kaspersky AntiVirus - www.kaspersky.com
MC-Afee AntiVirus - www.mcafee.com
MC-Afee AntiVirus - www.mcafee.com
Bitdefender AntiVirus - www.bitdefender.com
Bitdefender AntiVirus - www.bitdefender.com
MessageLabs AntiVirus - www.messagelabs.com
MessageLabs AntiVirus - www.messagelabs.com
.pif
.scr
.exe
.cmd
.bat
