Aliases: I-Worm.Mari.a, I-Worm/Mari.A, Win32.Mari.A, W32/
[email protected], Win32/
[email protected]
Variants: W32/Marijuana,
[email protected], Email-Worm.Win32.Mari.a, Win32.HLLW.Mari.45056, WORM_MARI.D
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 08 Jun 2001
Damage: Low
Characteristics: As a malware written using the Visual Basic programming language, one of the requisites prior to its execution is that the Visual Basic runtime libraries must be running in the host computer system. If this is met, the
[email protected] will proceed by dropping an executable copy of itself into the directory folder of the operating system and modify the initialization file of the operating system. It will place its own icon at the system tray.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean
[email protected] from your computer.
After successfully installing its executable file component, the
[email protected] will modify the initialization file of the operating system by adding the Load and Open instructions. These commands will allow the executable file of the
[email protected] to be launched as soon as the operating system is loaded. The Windows Registry will also be modified to add its automatic startup value along with the replacement of data associated with the Registered Owner and Registered Organization of the infected computer system. The
[email protected] will replace the contents of these fields with data hard coded into its body. An email message with an executable file attachment will be sent out by the
[email protected] to all contacts found in the address book of the default email client.
The
[email protected] has been observed to modify the default homepage of the Web browser into a website that is predetermined by its malicious author. The
[email protected] will place its marijuana leaf icon in the system tray of the compromised machine right beside the system clock. Once the mouse pointer hovers over the icon a message stating "Legalize It" will be displayed. If the system tray icon is clicked a message box will be displayed by the malware. If the
[email protected] detects the system time as 4:20 in the afternoon it will display a message box titled "The Marijuana Virus!!".