Bloodhound.Packed, Bloodhound.W32.5, I-Worm.VB.q, WORM_FILI.A
Category: Computer Worm
Some parts of Asia, Europe, North and South America, Africa and Australia
05 Oct 2004
On October 5, 2004, a generic Visual Basic worm named [email protected] was discovered. This worm spreads through Microsoft Outlook and peer-to-peer (P2P) file-sharing networks. The worm also spreads through mIRC. It mostly affects Windows systems such as Windows 2000, 95, 98, Me, NT and XP.
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected] from your computer.
This generic Visual Basic worm is installed via open or file-sharing networks such as mIRC. It also sends email, using different subjects and attachment file names with several file extensions. Once the worm is executed, it performs several actions. First, it copies itself to the System folder as %System%\pilif.exe. Then, the worm adds a value to the System registry key and creates two specific files. The worm searches for shared directories such as those of KaZaa. It replicates itself using different subjects such as Yahoo hacker, Norton 2004 crack, Anti-hacker utility, etc. It also adds another value that disables Task Manager. Then, it sends itself as an email attachment to all contacts in the Microsoft Outlook address book. It searches for mIRC or mIRc32 to send itself through IRC and tries to disable any security-related processes.
Finally, the worm runs a process and attempts to shut down the computer. At that point, [email protected] has successfully propagated. Its spreading might be that easy, but its manual removal is easier. System Restore must be disabled and the virus definitions should be updated, so check the antivirus you are using. After restarting the computer in safe mode, run a full system scan to delete all files that are detected as [email protected]. Remove the added value by clicking Start and then Run. Type regedit, navigate to the System keys and entries that were added, then delete the value.
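
A read-only triage check for the artifacts described above, as an added example that is not part of the original write-up. It assumes a Windows host with PowerShell 3.0 or later; the page does not name the registry keys, so the Run keys and the `DisableTaskMgr` policy value used here are the standard Windows locations, chosen as an assumption.

```powershell
# Added example: lists, without changing anything, the artifacts the write-up names.
# Assumption: registry locations below are the standard Windows ones; the page
# only says "a value" is added and that Task Manager is disabled.

$findings = @()

# 1. Dropped copy. The page gives the path %System%\pilif.exe.
$dropped = Join-Path ([Environment]::SystemDirectory) 'pilif.exe'
if (Test-Path -LiteralPath $dropped) {
    $findings += [pscustomobject]@{ Check = 'Dropped file'; Detail = $dropped }
}

# 2. Autostart values whose data references the dropped file name.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match 'pilif\.exe') {
            $findings += [pscustomobject]@{ Check = 'Run value'; Detail = "$key\$name = $data" }
        }
    }
}

# 3. Task Manager disabled through the System policy key.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    $prop = Get-ItemProperty -LiteralPath $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($prop -and $prop.DisableTaskMgr -eq 1) {
        $findings += [pscustomobject]@{ Check = 'Task Manager disabled'; Detail = "$key\DisableTaskMgr = 1" }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the listed artifacts were found.'
}
```

A `DisableTaskMgr` hit can also come from legitimate administrative policy, so treat it as corroborating evidence alongside the file or Run-value findings.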