Virus Alert Notification Win32.Goner.A worm

[Guest guest]

Virus Alert Notification

Win32.Goner.A worm

Win32.Goner.A worm also known as W32.Goner.A@mm is a new mass-mailer

spreading via Microsoft Outlook that masquerades as a screen saver. It

also has ICQ and mIRC spreading capabilities.

The worm attaches itself to an email with the subject line " Hi " , and

attachment name " gone.scr " . The message body reads:

How are you ?

When I saw this screen saver, I immediately thought about you

I am in a harry, I promise you will love it!

Once activated, the worm display a message box about it's origin, and an

error message " Error While Analyze DirectX! " . It searches the following

processes in memory:

APLICA32.EXE

ZONEALARM.EXE

ESAFE.EXE

CFIADMIN.EXE

CFIAUDIT.EXE

CFINET32.EXE

PCFWallIcon.EXE

FRW.EXE

VSHWIN32.EXE

VSECOMR.EXE

WEBSCANX.EXE

AVCONSOL.EXE

VSSTAT.EXE

PW32.EXE

VW32.EXE

VP32.EXE

VPCC.EXE

VPM.EXE

AVP32.EXE

AVPCC.EXE

AVPM.EXE

AVP.EXE

TDS2-98.EXE

TDS2-NT.EXE

FEWEB.EXE

Once found, the process is terminated. The worm then search and delete all

files under the directory from where the target process launched. If any

files can not be removed at the time, an entry will be added to

WININIT.INI and the file will be removed at the next Windows restart.

The worm drops a copy of itself as " gone.scr " to the System directory, and

registry this copy to be run on Windows startup. The registry key:

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, Key name " \gone.scr "

with value " \gone.scr "

 

=====

Free antivirus software at www.grisoft.com

 

Free firewall software at www.zonealarm.com

 

Check against email hoaxes at www.stiller.com/hoaxes.htm

 

or www.scambusters.org/legends.html

 

 

 

Buy the perfect holiday gifts at Shopping.