W32.Horo@mm
Aliases: WORM_WCONN.B, W32/Horo@MM
Variants: W32/Horo
Classification: Malware
Category: Computer Worm
Status: Dormant
Spreading: Fast
Geographical info: Asia, North America, Australia
Removal: Hard
Platform: W32
Discovered: 14 Jan 2003
Damage: Low
Characteristics: This mass mailing Worm variant makes use of the default email client of the operating system as its main transport mechanism. The W32.Horo@mm therefore can capably gain access to the address book of the email client and target all the contacts in the list. This malware attempts to mask its true nature by pretending to be a harmless email message providing free horoscope readings to the unsuspecting recipient.
W32.Horo@mm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Horo@mm from your computer.
More details about W32.Horo@mm
Initial actions of the W32.Horo@mm include the dropping of a copy of itself onto the desktop of the compromised computer system. The file that is extracted by this malware on the computer user's desktop is disguised as a legitimate screensaver file with the SCR file extension. The W32.Horo@mm will also attempt to infiltrate the directory of the operating system in an attempt to expand its infection. It will scan the filenames of everything stored in the directory and create new multiple versions of itself. The W32.Horo@mm will use the filename and extension of the legitimate file as its own filename and make it an EXE type. It will attempt to register its SCR format file into the Windows Registry by adding a new key value.This mass mailing Worm will proceed by making respective entries into the Windows Registry for every new multiple executable file it created. There is a possibility that it may use the Windows Registry to hook the functionality of the operating system's email client. Once all Windows Registry modifications have been completed, the W32.Horo@mm will proceed by harvesting the email addresses. It will send a spiked email message to all contacts with its SCR format file as an attachment. The W32.Horo@mm disguises the email message as a type of free promotional material to trick the computer user into launching its files.
Browse for more malware information
- W32.Horo@mm
- W32.Hotmatom
- W32.Housax.Irc
- W32.Huayu
- W32.Huegone@mm
- W32.Hunch.C@mm
- W32.Iberio
- W32.Icecubes.Worm.B
- W32.Ifbo.A
- W32.Illsei@mm
- W32.Imaut
- W32.Imautorun
- W32.Imav.A
- W32.Imcontactspam@mm
- W32.Imspread.Gen
- W32.Indor
- W32.Inmota.Worm
- W32.Ircbrute
- W32.Iretsim
- W32.Iteb.A
- W32.Ixas@mm
- W32.Jacksuf!inf
- W32.Jalabed.B@mm
- W32.Jambu
- W32.Jantic.B@mm
- W32.Janx
- W32.Jermy.A
- W32.Jitux.Worm
- W32.Joot.A@mm
- W32.Josam.Worm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.