ExploreZip / Explore Email Worm

The worm arrives in an email message that reads:

"I received your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs."

Reading the email itself is harmless, but (as I have warned many times here) NEVER open an executable attachment unless you requested the file. The attachment is named zipped_files.exe (this could change, so do not depend on this name). If you execute it, it displays the message "Can not open file. This does not appear to be a valid archive..."

The worm copies itself to the \windows\system directory with the filename "Explore.exe" and modifies the WIN.INI file (adding a "run=" statement) so that it is executed whenever the Windows GUI is started. ExploreZip also searches other drives, including drives accessible through the network, for any file whose name ends in the letters 'WIN.INI' (*WIN.INI). If it finds such a file on the network, it installs itself as _setup.exe in the same directory as the *WIN.INI file it located and modifies that WIN.INI file to execute _setup.exe.

The worm will then email itself to people in your address book. These people know you and are more likely to open and run the worm than others might be.

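An added example, not part of the original page: a Python check a defender could run over local and mapped drives to find *WIN.INI files carrying the "run=" entry described above. The function names and the sample tree are constructed for illustration, and matching is only on the two file names the page gives.

```python
import os
import tempfile

# File names the page gives for the worm's copies.
WORM_NAMES = {"explore.exe", "_setup.exe"}

def suspicious_run_entries(ini_text):
    """Return run= programs in the [windows] section whose file name matches the worm."""
    hits, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if key.strip().lower() != "run":
                continue
            # run= can list several programs separated by spaces or commas
            for prog in value.replace(",", " ").split():
                prog = prog.strip('"')
                if prog.replace("\\", "/").rsplit("/", 1)[-1].lower() in WORM_NAMES:
                    hits.append(prog)
    return hits

def scan_tree(root):
    """Inspect every file under root whose name ends in WIN.INI, as the worm does."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith("win.ini"):
                continue
            with open(os.path.join(dirpath, name), encoding="latin-1") as fh:
                hits = suspicious_run_entries(fh.read())
            if hits:
                beside = any(f.lower() == "_setup.exe" for f in files)
                findings.append((name, hits, beside))
    return findings

def demo():
    """Scan a constructed two-machine tree: one clean WIN.INI, one modified."""
    with tempfile.TemporaryDirectory() as root:
        for sub, ini, body in (("pc1", "WIN.INI", "[windows]\nrun=\nload=\n"),
                               ("pc2", "OLDWIN.INI", "[windows]\nrun=_setup.exe\n")):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, ini), "w") as fh:
                fh.write(body)
        open(os.path.join(root, "pc2", "_setup.exe"), "wb").close()  # empty placeholder
        return scan_tree(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Each finding is a tuple of the INI file name, the matching run= programs, and whether a file named _setup.exe sits in the same directory.
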
Under Windows NT, ExploreZip adds these keys to the registry and starts automatically:
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
run = "C:\WINNT\System32\Explore.exe"
Damage caused by ExploreZip: deletion of all files with these extensions: .C, .H, .CPP, .ASM, .DOC, .XLS, .PPT.
Use an antivirus to clean the file. DO NOT DELETE IT!!!