W32.Prolin.Worm


Aliases: TROJ_SHOCKWAVE.A, CREATIVE, TROJ_PROLIN.A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Slow
Geographical info: Some parts of Asia, Europe, North and South America, Africa and Australia
Removal: Easy
Platform: W32
Discovered: 30 Nov 2000
Damage: Medium

Characteristics: W32.Prolin.Worm was discovered on November 30, 2000. This worm sends a copy of itself through Microsoft Outlook to all email addresses listed in the address book. Also known as TROJ_SHOCKWAVE.A, CREATIVE and TROJ_PROLIN.A, this worm moves all .mp3, .jpg and .zip files to the root folder and then renames each one. W32.Prolin.Worm mostly affects Windows operating systems.

More details about W32.Prolin.Worm

Once W32.Prolin.Worm is executed, it emails a copy of itself to all contacts in the Microsoft Outlook address book, with Creative.exe as the attachment and “A great Shockwave flash movie.” as the subject. The worm also sends a message to a Yahoo! email account. It then creates a copy of itself on drive C under the file name Creative.exe so that it runs every time Windows starts. After that, the worm moves all .mp3, .jpg and .zip files to the root folder and renames each one by appending the text “change atleast now to LINUX” to its extension. Lastly, the worm copies Messageforu.txt to the root of drive C.

GET RID OF W32.Prolin.Worm by running a full system scan and then deleting all copies of the Creative.exe file. Open an MS-DOS window and rename the files back to their original extensions; remember that those files were renamed by the worm. Then move the files back to their original locations.

If you do not know how to delete the files, click Start and point to Find or Search. Click Files or Folders, and make sure that “Look in” is set to C: and that the option to include subfolders is checked. Type creative.exe in the “Named” or “Search for…” box. Click Find Now or Search Now to locate all Creative.exe files. Once those files are found, delete them.

To rename the files, click Start, point to Programs and click MS-DOS Prompt or Command Prompt. Type CD\ and press Enter, then type ren *.jpg* *.jpg, ren *.zip* *.zip and ren *.mp3* *.mp3, pressing Enter after each one. Close the DOS window.

To put the files back in their original locations, start Windows Explorer. In the left pane, select drive C, and in the right pane, look for Messageforu.txt. If this file does not exist, select one of the files that has been moved to the root of drive C and click Edit, then Cut. Browse to and select the folder where you want to move the file. Click Edit, then Paste, and repeat these steps until all files are moved.
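
A read-only pre-check for the rename step above, as an added example that is not part of the original write-up: it lists the artifacts named here, builds the same restore plan as the ren wildcards, and flags files whose restored name is already taken, which the wildcard rename cannot resolve. The function names and sample directory are hypothetical, and it assumes the appended text follows the extension directly.

```python
import re
import tempfile
from pathlib import Path

# Artifacts named in the write-up, matched case-insensitively.
DROPPED = {"creative.exe", "messageforu.txt"}
# "<stem>.<ext><extra text>" mirrors the wildcard in `ren *.jpg* *.jpg`, so like
# that command it also matches look-alikes such as ".zipx"; review the plan.
RENAMED = re.compile(r"^(?P<stem>.+)\.(?P<ext>mp3|jpg|zip)(?P<tail>.+)$", re.I)


def triage_root(root):
    """Return (artifacts, renames, conflicts) for files in `root`; read-only."""
    names = sorted(p.name for p in Path(root).iterdir() if p.is_file())
    taken = {n.lower() for n in names}  # names already in use in the root
    artifacts, renames, conflicts = [], {}, []
    for name in names:
        if name.lower() in DROPPED:
            artifacts.append(name)
            continue
        m = RENAMED.match(name)
        if not m:
            continue
        restored = f"{m['stem']}.{m['ext']}"
        if restored.lower() in taken:
            conflicts.append(name)  # restored name collides; rename by hand
        else:
            taken.add(restored.lower())
            renames[name] = restored
    return artifacts, renames, conflicts


def demo():
    """Triage a constructed directory standing in for the root of drive C."""
    # Appended text quoted in the write-up; assumed to follow the extension directly.
    marker = "change atleast now to LINUX"
    sample = ["Creative.exe", "Messageforu.txt", "autoexec.bat", "photo.jpg",
              "photo.jpg" + marker, "song.mp3" + marker, "backup.zip" + marker]
    with tempfile.TemporaryDirectory() as tmp:
        for name in sample:
            (Path(tmp) / name).write_bytes(b"")  # empty placeholder files
        return triage_root(tmp)


if __name__ == "__main__":
    print(demo())
```
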