
Virus Profile: W32/PetLil@MM

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 02/06/2002
Date Added: 03/06/2002
Origin: Unknown
Length: 37,376 bytes
Type: Virus
Subtype: E-mail worm
DAT Required: 4207
Removal Instructions
   
 
 
   

Description

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Indication of Infection

Existence of C:\XXXPic.exe.

Methods of Infection

This worm arrives as an email attachment. Manually executing this attachment causes the worm to send itself to all users in the Microsoft Outlook Address book using the MAPI protocol.

Aliases

WORM_GORUM.A (Trend)
   

Virus Characteristics

This threat is detected as New Worm with the 4150 DATs, or newer, when running with program heuristics enabled. The 4207 DATs will detect this as W32/PetLil@MM.

When run on the 1st, 15th, or 31st of the month, the worm displays a picture of a half-naked woman. On any other day, it displays a message box:

All addresses found in the Microsoft Outlook Address book are sent a message with the following information:

Subject: XXX Picture...
Body: A pretty girl waits for you. Click on attached file...

Attachment: XXXPic.exe

The worm copies itself to C:\XXXPic.exe. It also searches the Windows, Windows system, and My Documents directories for files with the extension .vbs, .htm, .doc, .xls, .bmp, .gif, .jpg, .pdf, or .js. For each file found, it copies itself under that file's name with an .exe extension. It adds a registry key entry for every file dropped:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
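
A triage check built from the indicators above, added here as an example and not part of the original profile or any vendor tool: it walks the given directories and flags .exe files of the listed length that are named XXXPic.exe or that sit beside a same-named file with one of the listed extensions. It assumes dropped copies keep the 37,376-byte length and that a copy is named either `name.exe` or `name.ext.exe` (the profile does not say which); it does not inspect the Run key.

```python
import os
import tempfile

WORM_SIZE = 37376  # "Length: 37,376 bytes" in the profile
DOC_EXTS = {".vbs", ".htm", ".doc", ".xls", ".bmp", ".gif", ".jpg", ".pdf", ".js"}
DROPPER_NAME = "xxxpic.exe"  # compared case-insensitively


def find_suspect_copies(roots):
    """Return sorted paths of .exe files matching the profile's indicators."""
    hits = set()
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            lower = {f.lower() for f in files}
            for name in files:
                low = name.lower()
                if not low.endswith(".exe"):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    if os.path.getsize(path) != WORM_SIZE:
                        continue
                except OSError:
                    continue  # unreadable or vanished file
                stem = low[:-4]
                # Assumed naming (profile is ambiguous): report.exe or report.doc.exe
                replaced = any(stem + ext in lower for ext in DOC_EXTS)
                appended = os.path.splitext(stem)[1] in DOC_EXTS and stem in lower
                if low == DROPPER_NAME or replaced or appended:
                    hits.add(path)
    return sorted(hits)


def demo():
    """Scan a constructed directory tree (sample data, not real files)."""
    sample = {"report.doc": 100, "report.exe": WORM_SIZE,      # flagged
              "photo.jpg": 100, "photo.jpg.exe": WORM_SIZE,    # flagged
              "XXXPic.exe": WORM_SIZE,                         # flagged
              "setup.exe": WORM_SIZE,  # right size, no sibling: ignored
              "notes.doc": 100, "notes.exe": 2048}  # wrong size: ignored
    with tempfile.TemporaryDirectory() as tmp:
        for name, size in sample.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(b"\0" * size)
        return [os.path.basename(p) for p in find_suspect_copies([tmp])]


if __name__ == "__main__":
    print(demo())
```

A hit is a lead for review, not a verdict; confirm with a scan using current engine and DAT files.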
   

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

   
