Aliases: Bloodhound.W32.VBWORM, Email-Worm.Win32.Hunch.C, W32/Hunch-C, I-Worm/Hunch.C, WORM_HUNCH.C
Variants: Worm:Win32/
[email protected], W32/
[email protected], Hunch.C Internet Worm
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Fast
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 10 Apr 2002
Damage: High
Characteristics: Considered by many computer experts as one of the more destructive Worms in the computer industry, it has been known for deleting various files formats like DLL, OCX, and SYS among others. These files are normally stored in a single folder in the main hard drive. The
[email protected] is a mass mailing Worm variant which has a dangerous payload of attempting to format the main hard drive of the infected computer system.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean
[email protected] from your computer.
Consistent with the characteristics of mass mailing Worms, the
[email protected] harvests email addresses from the address book of the default email client of the operating system. The
[email protected] will send a spiked email message to all the contacts using a variable named subject file and file attachment. When executed in the compromised computer system it will display a pornographic image on the computer screen. The W32.
[email protected] will search for a specific folder on the main hard drive where a number of file formats will be completely deleted. This routine makes it impossible to restore the machine to a previous state. The Worm will create a copy of its codes into the same directory folder as the operating system usually with the EXE file extension.
The Windows Registry will be modified by the
[email protected] to include a new key value allowing it to automatically load at system boot up or at every restart instance. Using a predetermined list of file formats, the
[email protected] will scan the computer system for the presence of these files and randomly deletes five instances of every file format. A log file of deleted files is kept by this malware in a text file. The
[email protected] will modify the batch file of the operating system to deliver its payload which is to initiate a reformat procedure on the next boot up.