W32/Zush, Win32/Zush.A, Email-Worm.Win32.Zush, I-Worm.Zush, W32/HLL.ow.Zush
W32/Zush-A, Win32/[email protected]
, W32/Zush.A, I-Worm/Zush.B , [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
24 Sep 2001
The [email protected]
program is a worm that spreads itself without any user intervention. It copies itself to a system file and then sends email to all the contacts it finds in the Windows Address Book.
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean [email protected]
from your computer.
The [email protected]
is a mass-mailing worm that affects most Windows Operating System. Its objective is to spread itself and infect computers as many as possible. This is done by creating duplicates of themselves, collecting email addresses from the infected computer’s address book, and sends themselves to the collected email addresses. The email distributed by the [email protected]
looks seemingly like a regular email from a regular person, except for its subject which is written in Spanish. When an email is contained with the [email protected]
worm, it activates itself instantly the mail is previewed. The [email protected]
runs in the infected system’s background as a system process, using up system resources. This greatly affects the system’s performance and functionality, which usually ends in abnormal system behavior, and in worst case, system crash.
When the [email protected]
worm is launched, it locates the infected computer’s system folder, and creates a copy of itself as a system executable file “System32.exe.” It then sends emails to all the contacts it finds in the user’s email list, with subject “Vazna informacija!”, random message body, and an executable file attachment. If a computer is infected with the [email protected]
worm, its system performance may become poor and unresponsive. This may be fixed though by removing the worm. To do this, the user should disable system restore, to prevent restoration of the [email protected]
worm. Then through the updated security software installed in the computer, run a full system scan, and then delete all the files detected as [email protected]