Subscribe
Once launched the worm checks the value of the "malead" parameter in the following system registry key:
[HKCU\Software\Microsoft\WAB] "malead" = " "If no value is present for this parameter, then the worm will use MS Outlook to send infected messages to all addresses in the user's address book. Infected messages:
Message subject:antivirus !!!
Message body: here a patche for some dangerous virus. Voici un patch contre un dangereux virus Attachment name:The worm sends its body in the file attached to the message.
In order to send messages, the worm ascribes the value "1" to the "malead" parameter: [HKCU\Software\Microsoft\WAB] "malead" = "1"If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following system registry key parameter: [HKCU\Software\Microsoft\WAB] "malead" = "1"
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This worm spreads via the Internet as an attachment to infected messages. It is a Visual Basic Script scenario. It is 1 186 bytes in size.
Payload
Hot Articles