Aliases: I-Worm.Choke (AVP) / MSM/Psychopatt / W32/Choke (Sophos)/ W32/Choke.gen.worm / W32/Choke.worm / W32/Choke.worm.gen / Win32.Choke (CA)
Variants: W32/Choke.b.worm

Classification: Malware
Category: Computer Worm

Status: active
Spreading: Low
Geographical info: Low
Removal: Easy
Platform: W32
Discovered: 06 Jun 2001
Damage: Low

Characteristics: The W32.Choke.Worm program uses MSN Messenger Service program to duplicate and spread. People should be wary in using MSN Messenger Service or even stay away because a lot of known viruses are circulating through this program.

More details about W32.Choke.Worm

The main function of the W32.Choke.Worm program is to duplicate. When the program runs on a computer with MSN Messenger Service program installed, it simply remains resident in memory without replicating. As such, the threat and the possibility of this virus spreading into your computer or laptop is minimal. The worm W32/Choke.a is created in Visual Basic language through MSN Messenger. The worm contains filename which usually ends in .exe file extension. When the worm runs into your computer, it displays a message box entitled, "Choke", which then reads, "This program needs Flash 6.5 to run!". Clicking OK would result in the display of another message box. From there, you will see error messages such as "Run time error" and "Cannot run program..Quiting!" These messages signal that the program is already copying itself to the root directory of the current drive as CHOKE.EXE. Your account in MSN Messenger will have an .exe file extension at the end. A text file with the text body ”Choke , Copyright ® 1886 ... A MAD CHRISTIAN” is also created.

The worm also creates a registry which can be manually removed. If this registry has already been created, the worm will send itself to MSN Messenger users who chat with an infected user. When the file is sent, a message saying: “President bush shooter is game that allows you to shoot Bush balzz hahaha” is sent along with it. It also contains file attachments such as ShootPresidentBUSH.exe, Choke.exe [Sender's First Name].exe, and Hotmail.exe.