Virus Encyclopedia
Displaying Results for threatI-Worm/Stration
This worm spreads by e-mail as an attachment or as a hyperlink in ICQ message.
Installation:
When the worm is launched it copies itself to the Windows System folder and creates some files like DLL libraries. Virus adds link to main executable file to the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key so virus is launched on computer startup. Libraries are registered in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key in "AppInit_DLLs" item and some variants registers libraries also to the HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify key.
Spreading: E-mail
Virus sends messages with forged sender address, subject of these messages is usually as follows (depends on virus variant):
Error
Good Day
hello
Mail Delivery System
Mail server report
Mail Transaction Failed
picture
Server Report
Status
test
Message contains executable attachment named for example as follows:
body.*
test.*
text.*
Update-KB*-x86.*
Spreading: ICQ
Virus sends messages with hyperlink to the infected file over ICQ. These messages are sent without user knowledge. Computer is infected when recipient downloads and executes infected file.
Payload:
Virus blocks some security software such as various firewalls, anti-virus systems etc. In case of AVG virus blocks updates. Some versions of this worm might cause Explorer errors, worm can block saving from Notepad, block using of Registry editor and most variants downloads other malicious files from the Internet.
Removing:
Erase all files detected as I-Worm/Stration. You can also use our Vcleaner utility for removing this virus from your computer.