This is a worm that comes as an email with an attachment with a names sars.exe, Virus.exe, Corona.exe, death.exe, CV.exe from the emails sars2@hotmail.com, corona@hotmail.com.It is a very dangerous and spreads very fast when executed and slows down the PC.
Effects:
It does the following things when executed:
- Changes the home page to http://www.who.int/csr/don/2003_04_19/en/
- Drops its file CORONA.exe in windows folder
- Adds itself to the registry key HKLM\Software\Microsoft\Windows\Current Version\Run "PC-Config32" = "C:\corona.exe -A"
- Drops a file in C:\My Download or in the current directory where it is executed.
- The corrupted file is filled with useless data that occupies unwanted space on the hard disk which goes up to Certain GB's.
- Age Of Mythology.exe
- Battlefield 1942 (full).exe
- Black Hawk Down (full).exe
- Doom 3.exe
- Grand Theft Auto 3 (full).exe
- Medel Of Honor: Allied Assault.exe
- Quake 3 Full Version.exe
- Rainbow 6 Full.exe
- Return to Castle Wolfenstien (Full).exe
- Starcraft full.exe
- The Lord of the Rings.exe
- The Sims: Unleashed.exe
- Unreal 2: The Awakening (full).exe
- Warcraft III Full.exe
- It checks this registry key to obtain list of addresses HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab File Name
- Initiates its own SMTP engine to send emails with any of the names Corona.exe, hongkong.exe, Virus.exe, Sars.exe, Deaths.exe from senders virus2@china.com
- It also modifies the home page as http://www.who.int/csr/don/2003_04_19/en/ which is a site on SARS
0 comments:
Post a Comment