W32/Recory, I-Worm/Recory, WORM_RECORY, W32/[email protected]
, Recory Internet Worm
Variants: [email protected]
Category: Computer Worm
Active & Spreading
31 Dec 2002
Characteristics: [email protected]
is a mass-mailing worm. It is written in Visual Basic. For it to execute, the Visual Basic run-time libraries have to be installed on the computer. It uses Microsoft Outlook to spread itself to all the contacts in the Windows Address Book. It also spreads via a file-sharing network.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The email that the worm [email protected]
sends has a randomly chosen subject and attachment. The attachment will have an extension of .com, .exe or .pif. When [email protected]
is executed, it copies itself into the system using various filenames. It also modifies the registry to make sure it runs every time Windows starts. The worm searches the computer for specific files. If the file RecoveryWorm32.scr is not found, the system date is January 16th, March 16th, May 16th, July 16th, September 16th, or November 16th. If the following files are found: Msdos32.pif, TaskBoot.com, Autoexec32.bat, or Autotest.com, the worm displays a message, The message has a title that reads: “W32/Recovery family worm by...”. The body of the message reads: It seems to me that your computer is in need of urgent recovery.
uses Microsoft Outlook to email itself to all the contacts in the Windows Address Book. The email message uses different subjects and attachments.
Pop-up advertisements can be displayed by the [email protected]
program in the infected system whenever it is connected to the Internet. A keylogger function may be used to capture the data as it is being typed. The browsing habits may also be recorded and sent to a remote server as market research.