Worm.Win32.AimVen

tag:Internet Worms

The worm creates a copy of itself, called V.exe, in the C:\ root directory

c:\V.exe

The system attribute is ascribed to this file.

The worm then modifies one of the AOL Instant Messenger program files:

C:\PROGRAM FILES\AIM95\ICBMFT.OCM

The modification of ICBMFT.OCM means that when a user sends a file, a copy of the worm will be sent. This is achieved by intercepting file send procedures.

The interception procedure works in the following way: the extension of the file being sent will be replaced by an EXE extension. The worm then creates a copy of itself with the name of the original file, and returns control to the original file send procedure.

Delete the original worm file
Delete the copy of the worm: c:\V.exe
Re-install AOL Instant Messenger.
Perform a full scan of the computer (download trial version of Kaspersky Anti-Virus).

This network worm spreads via America Online (AOL) Instant Messenger (IM). The worm file is written in Assembler and is 8192 bytes in size.

Payload

previous:Worm.Win32.Agent.i
previous:Worm.Win32.AutoIt.c

Virus Source from:

New articles

Net-Worm.Win32.Kido.irThe kido worm family creates files autorun.inf and RECYCLED{SID<....>}RANDOM_NAME.vmx on removable drives (sometimes on public network shares) Net-Worm...MS10-061MS10-061 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Windows Print Spooler service on Wind...MS10-062MS10-062 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in MPEG-4 codec on Windows 2008/vISTA/2003/XP computers, wh...MS10-063MS10-063 is not categorized as virus, worm, Trojan or backdoor. It is a critical vulnerability in the Unicode Script Processor on Windows 2...Autorun.AOLAdditionally, it has backdoor characteristics, as it attempts to connect to an IRC channel in order to receive instructions from its creator, such as downloadin...

Hot Articles

Worm.Win32.AimVen

Computer Virus Clounds