W32.Fishinflu@mm


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 14 Jan 2008
Damage: Medium

Characteristics: W32.Fishinflu@mm is a mass-mailing worm that propagates via executable or removable drives and through messages sent to other mIRC users. It first appeared on January 14, 2008. It mainly affects Windows 2000, 95, 98, Me, NT, Server 2003, Vista and XP.

More details about W32.Fishinflu@mm

The mass-mailing worm W32.Fishinflu@mm sends emails to all addresses listed in the Microsoft Outlook address book and lowers the computer’s security settings. It modifies mIRC files to be able to send messages to other users who share the same connection. The worm is installed by copying and overwriting itself to several files. Then, the worm creates for about ten System registry entries and deletes several subkeys in the registry. Some registry entries are modified by the worm including the disability of the Windows Registry Editor, Task Manager and the command shell as well as the changes of the registered owner and/or organization of the computer. After several performance, the worm will copy itself as %SystemDrive%\[FOLDER NAME].exe in the local drives. Afterwards, it sends emails to all connected mIRC users.

Like the other worms that propagate inside the computer, W32.Fishinflu@mm can be manually removed. The System Restore should be modified by disabling it. Any virus definitions must be well checked and updated. After doing these, restart the computer. Next, run a full system scan to identify the values added to the System registry entries and keys that are detected as W32.Fishinflu@mm. Delete all values added by clicking the Start button and go to Run then type the following: regedit. Proceed by navigating some entries to be deleted. Restore the system registry subkeys that were deleted when the worm was installed.