I-Worm.Ganter.c, W32/[email protected]
, I-Worm/Outsider, Win32.Thaprog.C, WORM_REDZED.A
Category: Computer Worm
Active & Spreading
11 Jun 2003
Characteristics: [email protected]
is a mass-mailing worm. It affects Windows systems. It has password-stealing capabilities. The email uses variable subject lines and attachment names that are chosen from a hard-code list. The attachment will have either a .exe or a .pif file extension. It also spreads through various file-sharing networks.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
arrives in the computer as an email. This worm affects all Windows systems. Once it infects a computer, it may steal passwords which it sends to a hotmail account. It uses different subject lines and attachment names. Some of the subjects include: MP3 downloader, Modem booster, Fire ScreenSaver, Program, Password List, and Some card games. Attachments include Card_install.pif, MP3Connect.pif, ModemBooster.exe, FireScreen.pif, Winprg32.pif, and PswdLst.pif. When [email protected]
is run, it creates the files: Card_install.pif, Mslg32.exe, and Winlg32.exe. It modifies the registry to make sure it loads every Windows start up. It searches for subfolders in the Program Files folder and creates copies of itself. It then sends itself to all the contacts in the Windows Address Book. In addition, it sends all the cached passwords to the hotmail account, [email protected]
The worm [email protected]
can be removed from an infected computer manually. The [email protected]
program bypasses the usual installation procedures. It does not display a EULA (End User License Agreement) that should contain details regarding the installation of the program. This agreement is usually presented before a program is installed. The application may not appear on the Add/Remove Programs panel on the computer. This makes the application difficult to remove.