I-Worm.Zoek.b, I-Worm.Zoek.dll, [email protected]
I-Worm.Zoek.e, Win32/Zoek.E.Worm, [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
04 Sep 2001
The [email protected]
program is a worm that arrives as an email message which holds a link to an executable file. Once the executable file was run, it attaches and sends itself to all the contacts found on the Windows Address Book containing the same message.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The [email protected]
worm spreads via mailing itself to recipients extracted from the victim’s computer. It arrives as an email message that contains a link to an executable file, downloadable on a malicious Web site. The system may only be infected if the worm is executed on the victim’s machine. Once the executable file is downloaded and run, the worm mimics a screensaver with a note and a single button while creating a backdoor into the infected computer system. After which, the worm sets a registry key in order to decode the encoded backdoor server, and execute it. It then sends the same message to the collected email addresses. The email addresses collected were listed and found in the Windows Address Book of the infected device.
Once activated, the [email protected]
worm creates several configuration and executable files such as “Tcasutaw.exe”, “Accountboy.ini”, “Installboy.ini”, etc. One of the files included is a backdoor component, in which once activated, creates a registry key value. Afterwards, it sends a copy of the email message having an email subject “Maxima Screensaver” and a URL link message body to all contacts found in the Windows address book and Outlook mail archive. The [email protected]
self-replicates itself and may consume huge amount of system resources. This may result with a poor system performance, and may cause the device to become noticeably slow, unresponsive and unreliable.