This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Indication of Infection
- Presence of the file %WinDir%\INETD.EXE
- Presence of the file %SysDir%\KERN32.EXE
- Presence of the file %SysDir%\KERNEL32.EXE
- Email correspondents noting that you sent them an attachment when you did not.
Methods of Infection
This worm utilizes MAPI messaging to mail itself to regular email correspondence. It will arrive as an attachment that is 13,312 bytes in length and uses one of the following names (note that some of these filenames are also associated with other threats, such as W95/MTX.gen@M
The message body may contain the text:
Take a look to the attachment.
This worm utilizes MAPI messaging to mail itself to regular email correspondence. It will arrive embedded in an email message which often has the subject "Re:". Exploiting a MIME header vulnerability, the virus can execute upon viewing the email message. The message body is empty. It will arrive as an attachment that is 29,020 bytes in length and uses one of the following names:
Aliases
Backdoor-NK.svr, BadTrans (F-Secure), BadTrans.B (F-Secure), I-Worm.Badtrans (AVP), I-Worm.Badtrans.B (AVX), PWS-Gen.hooker, PWS-Hooker.dll, PWS-Hooker.plugin, TROJ_BADTRANS.A (Trend), W32.Badtrans.13312@mm (NAV), W32.Badtrans.B@mm (NAV), W32/Badtrans.B (Panda), W32/Badtrans.eml
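The two message profiles described under Methods of Infection can be turned into a mail triage check. The following is an added example, not part of the original description or any vendor tool: it flags a raw message only when an attachment size from this page coincides with the matching body trait, since size alone is a weak indicator. The function names, the `sample.bin` filename and the zero-filled sample attachments are constructed for illustration, and only `text/plain` parts are treated as the body.

```python
from email import message_from_string
from email.message import EmailMessage, Message

# Indicators taken from the description above.
SIZE_FIRST, SIZE_SECOND = 13312, 29020
BODY_TEXT = "Take a look to the attachment."


def split_message(msg: Message):
    """Return (stripped plain-text body, decoded size of each attachment)."""
    body, sizes = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_filename():
            sizes.append(len(payload))
        elif part.get_content_type() == "text/plain":
            body += payload.decode("latin-1")
    return body.strip(), sizes


def triage(raw: str) -> list:
    """List which of the two described message profiles a raw message matches."""
    msg = message_from_string(raw)
    body, sizes = split_message(msg)
    reasons = []
    if SIZE_FIRST in sizes and BODY_TEXT in body:
        reasons.append("13,312-byte attachment with the quoted body text")
    if SIZE_SECOND in sizes and not body:
        reason = "29,020-byte attachment with an empty body"
        if (msg.get("Subject") or "").strip() == "Re:":
            reason += ' and subject "Re:"'
        reasons.append(reason)
    return reasons


def build_sample(subject: str, body: str, size: int) -> str:
    """Constructed test message: zero-filled attachment, hypothetical filename."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body + "\n")
    msg.add_attachment(b"\0" * size, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_string()


if __name__ == "__main__":
    print(triage(build_sample("Re:", "", 29020)))
```

A match is a reason to quarantine and inspect the message, not a verdict; confirm with the file indicators listed under Indication of Infection.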