W32.Conedi.Worm


Aliases: I-Worm.Cone.f (AVP), W32/Cone-F (Sophos), W32/Cone.E.worm (Panda), W32/Cone.G (F-Prot)
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreadings
Spreading: slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: easy
Platform: W32
Discovered: 21 Jun 2002
Damage: Low

Characteristics: The W32.Conedi.Worm program is considered a mass mailing worm intended to put down the website, www.irna.com website.

More details about W32.Conedi.Worm

According to some report, the W32.Conedi.Worm program sends email with subjects such as: antivirus, management, administration, virus-detection, AV, support and staff. You may also see subject such as: your help file attached, W32.Mydoom.H in your mail, Your computer is probably infected by W32.Mydoom.H, Norton Antivirus detected W32.Mydoom.H in your mail, Large amount of W32.Mydoom.H outgoing from your email, Virus detected in your mail, Your computer is infected by W32.Mydoom.H, Your computer is probably infected, Your message was infected by Mydoom, I found a virus in your message, I recieved a message from you containing Mydoom and Mydoom.H in attachment of your message. Emails may also contain sample messages such as this,”your help file attached,”Hi, The attachment is a virus. I write it to say: we don't want Islamic Republic in IRAN! I'm realy realy sorry, I'm damaging the computers that I don't want to damage!!!! I choose to help a nation to be free with cost of some computer infections!!! Do you choose this if you must choose one? all of the other ways closed, no one listen to us!!!! please support me, open the virus and let it spread, it does not have any damage, just your internet connection may become some slow! for more info search "W32.Cone.E",”Dear users of %domain% , Our antivirus software has detected a large amount of viruses outgoing from your email account (%email address% ), you may use our removal instruction to clean up your computer software,” Dear users of %domain%,” Norton Antivirus has detected about %random number% e-mail(s) infected by W32.Mydoom.H outgoing from your mail account(%email address% ). W32.Mydoom.H is a category 4 virus and Norton Antivirus 2004 is updated automatically for removal instructions of cat 4 and 5 viruses, and then send them for infected computers to prevent more infections. your computer is infected by mydoom.H, because i recieved more than 20 messages containing mydoom.H from you i attached help file of removal instructions of this virus, please cleanup your computer, before connecting to internet,”hey, i'm tired of deleting emails infected by Mydoom.H from you, i attached the symantec removal instructions help file for Mydoom.H please cleanup your computer, or do not connect to internet.,”Cleanup your computer, i have recieved more than 20 message infected by Mydoom.H from you, i attached the symantec removal instructions help file for W32.Mydoom.H” and “hi, i have recieved an email from you infected by W32.Mydoom.H, the attached file is a help file (.chm) containing removal instructions of Mydoom.H, i have downloaded it from www.symantec.com. to check to see if your computer has been infected by Mydoom.H refer to "Check for presence of W32.Mydoom.H" in the help file. "

The abovementioned messages should not be trusted for they contain this worm and may spread and infect your computer. It also displays a window saying there is an email spoofing or a messages that says, “Seems like this file's been infected by The Omen virus...The condor never die.” These are signs that your computer is already infected. Manual removal should be done immediately.