www.tombraiderforums.com

Old 26-08-03, 17:10   #1
caleb_yee
Historian
 
Join Date: Aug 2003
Location: MALAYSIA
Posts: 283

W32.HLLW.Yodo.B is a mass-mailing worm that sends itself through any MAPI-compliant email client, including Microsoft Outlook.

The mail has the following characteristics:

Subject: A E-card just for you from your friend
Message: Hello. I just wanted to send you this e-card to show you how much of a friend you are to me! Please look at the attached E-card.
Scanned with Norton Anti-Virus
Attachment: ecard.exe

When W32.HLLW.Yodo.B runs, it performs the following actions:

Displays the following message:


Copies itself as the following:

%Windir%\ecard.exe.
%System%\ecard.exe

NOTES:
%Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
%System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Adds a value:

"E-Card"="ecard.exe"

to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when Windows starts.

Deletes the following files:

%Windir%\*.ini
%System%\regedt32.exe

Sends itself through any MAPI-compliant email client, including Microsoft Outlook.

The mail has the following characteristics:

Subject: A E-card just for you from your friend
Message: Hello. I just wanted to send you this e-card to show you how much of a friend you are to me! Please look at the attached E-card.
Scanned with Norton Anti-Virus
Attachment: ecard.exe

Removal instructions
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan and delete all the files detected as W32.HLLW.Yodo.B.
4. Delete the value that was added to the registry.

No jokes....beware people...this looks nasty
Restore the files that the worm deleted
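The indicators listed in the post above (the Run value, the two dropped copies and the deleted files) can be checked with a read-only script. This is an added example, not part of the original post or of any vendor tool; it assumes Windows PowerShell 4.0 or later, and the helper name `Add-Finding` and the variable names are illustrative.

```powershell
# Read-only check for the W32.HLLW.Yodo.B indicators listed in the post.
# Nothing is modified or deleted. Names below are illustrative.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$winDir = $env:windir                              # %Windir%
$sysDir = [Environment]::GetFolderPath('System')   # %System%

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Indicator, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Indicator = $Indicator; Detail = $Detail })
}

# 1. Persistence: the value "E-Card"="ecard.exe" under the Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['E-Card']) {
    Add-Finding 'Run value "E-Card"' ([string]$run.'E-Card')
}

# 2. Dropped copies: %Windir%\ecard.exe and %System%\ecard.exe.
foreach ($dir in @($winDir, $sysDir)) {
    $path = Join-Path $dir 'ecard.exe'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record a hash so the file can be compared with scanner results.
        $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Add-Finding 'Dropped copy' "$path (SHA256 $sha)"
    }
}

# 3. Damage: the worm deletes %System%\regedt32.exe and %Windir%\*.ini.
#    Missing files are only supporting evidence, not proof of infection.
$regedt32 = Join-Path $sysDir 'regedt32.exe'
if (-not (Test-Path -LiteralPath $regedt32 -PathType Leaf)) {
    Add-Finding 'Missing file' $regedt32
}
$ini = @(Get-ChildItem -Path $winDir -Filter '*.ini' -File -ErrorAction SilentlyContinue)
if ($ini.Count -eq 0) {
    Add-Finding 'Missing files' "no .ini files in $winDir"
}

if ($findings.Count -eq 0) {
    'No W32.HLLW.Yodo.B indicators from the post were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A clean result only means these specific indicators are absent; the full scan in step 3 of the removal instructions is still the authoritative check.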