32-bit Internet worm ‘Sysid.exe’
- Book ID
- 104391106
- Publisher
- Elsevier Science
- Year
- 2000
- Tongue
- English
- Weight
- 156 KB
- Volume
- 2000
- Category
- Article
- ISSN
- 1353-4858
✦ Synopsis
C:\windows\ C:\windows\system\ C:\winnt\ C:\winnt\system32\
The virus modifies the registry to load at the next Windows startup. It also writes a VBScript file to the system as WINVER.VBS in an attempt to distribute itself via MAPI Email. It may arrive as one of a large number of attachments (for details see http://vil.nai.com/villib/dispvirus.asp?virus_k=98781).
It is possible to detect this virus by its existence in the above-mentioned folders. This Trojan will modify the registry to load at Windows startup after first copying itself to the local system. If MAPI E-mail is available and Windows Scripting Host is installed, it will attempt to send itself via E-mail to several recipients in the Outlook address book.
It is recommended that you use the specified engine and DAT files for detection. To remove it, boot to MS-DOS mode or use an emergency boot disk, then run a command-line scanner, such as 'SCANPM C: /CLEAN/ALL'.