Goner.A, I-Worm.Goner, W32/[email protected]
, WORM_GONER.A, W32/Goner-A
Win32.Goner.A, W32/[email protected]
, Win32.HLLM.Goner, Win32/Goner.A, Worm/Goner
Category: Computer Worm
North and South America, Europe, Australia
04 Dec 2001
Another type of mass mailing Worm, this threat normally arrives as an attachment of a spiked email and makes use of the default client of the Microsoft Windows Operating System platform as well as Internet Relay Chat clients to spread its codes. The [email protected]
can check for the presence of the IRC client in the infected computer system and use the Internet Relay Chat service to issue a Denial of service attack on specific servers.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
Like most Worm malware, this particular threat requires the user to manually launch its trigger file in order to infect a vulnerable machine. Aside from email and Internet Relay Chat, the [email protected]
may also use Internet paging clients to deliver its trigger file. Simply viewing the message or chat contents will not execute the infection. In order to trick the recipient into launching its file, the [email protected]
assumes the personality of the user of the infected machine. This makes the other party believe that the file transmitted is legitimate causing its execution. Normally the trigger file of the [email protected]
is disguised as a type of screen saver using the SCR file extension. A message box is displayed on the screen of the infected machine.
The [email protected]
sends email messages in the background attempting to conceal it from the computer user. It will also modify certain Windows Registry key settings in order to establish its presence in the machine. The [email protected]
will also terminate active processes that are associated to system protection. The executable files for these security programs and protocols will be deleted accordingly. If the files to be deleted are in use, the malware will create an initialization file to ensure that the target files will be removed from the system on the next boot up or startup instance.