W32/Goner.A@mm
W32/Goner.A@mm
Threat risk
|
Detection files published:
04 Dec 2001 |
Description created:
2001-12-04 |
Description updated:
2002-03-13 |
|
Alias:
|
Spreading mechanism
Email, Other | |
|
Payload:
Deletes antivirus files | ||
Summary
This is an email and ICQ worm.Spreading description
Email characteristics:
Subject: Hi
Body: How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
Attachment: GONE.SCR
When executed, it will first display a small animated picture, which will be immediately followed by an error message.
After this it will mail itself to all addresses in the Outlook address book.
The worm copies itself to the Windows system directory under the name GONE.SCR and sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run to point to this.
If ICQ is installed on the infected computer, the worm will attempt to send itself to other ICQ users online.
Threat description
The worm tries to stop processes and delete files belonging to certain antivirus products.It will also in some cases install some flood scripts to the Internet Relay Chat client mIRC.
Removal
General information about removal of malicious software
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiantly. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below - if your Norman antivirus is unable to clean-up the infection.
| Utilizzo | Titolo | Commento |
|---|---|---|
| Blocco dei virus che infettano le condivisioni di rete | ||
| Cleaning of back-up folders on Windows Me and XP |