I-Worm.Winmine, W32/[email protected]
Category: Computer Worm
North and South America, Australia, Europe, Asia
05 Jul 2001
This threat disguises itself as an update to a game included with the installation of the operating system. The W32/[email protected]
is designed with two elements, its main executable file and a Visual Basic Script component. The Visual Basic component of the malware is responsible for transmitting the executable file to all contacts in the address book of the default email client of the operating system. It executes a code at every 15th of the month.
W32.Mineup.Worm Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Mineup.Worm from your computer.
More details about W32.Mineup.Worm
This threat was programmed using a High Level Language and is specific to a component of the operating system. The W32/[email protected]
upon execution will verify the location where it is launched from. If the location is not within the directory folder of the operating system the W32/[email protected]
will display an alert message. The message will inform the computer user that it is the last update for a computer game. The malware will attempt to look authentic by including the name of the developer of the operating system in the window title. If the unsuspecting computer user clicks on the OK button of the message box, the W32/[email protected]
will proceed by copying its executable file into the same location where the operating system files are stored.
When the W32/[email protected]
is launched directly from the directory folder of the operating system it will generate a VBS format file in the root directory of the main hard drive of the infected computer system. This file is immediately executed without user intervention and will allow the W32/[email protected]
to send an executable file to all contacts found in the address book of the default email client of the operating system. The W32/[email protected]
checks if it is the 15th of the month and will deliver its payload of swapping the functionality of the mouse buttons.