W32.Entangle.Worm

W32.Entangle.Worm is a mass-mailing worm that will send itself to all recipients in the Windows Address Book. It will also copy itself to the %system% directory.

NOTE: %System% is a variable. The worm locates the \Windows\System folder (by default this is C:\Windows\System or C:\Winnt\System32), and then copies itself to that location.

W32.Entangle.Worm will create and run the Visual Basic script %Temp%\send.vbs, which the worm will use to gather email addresses.

NOTE: %Temp% is a variable. The worm locates the default folder that Windows uses to store temporary files (by default this is C:\Windows\Temp on Windows 95/98/Me and C:\Documents and Settings\Administrator\Local Settings\Temp on Windows NT/2000/XP), and then copies itself to that location.

Protection

• Initial Rapid Release version April 3, 2002
• Latest Rapid Release version August 20, 2008 revision 017
• Initial Daily Certified version April 3, 2002
• Latest Daily Certified version January 20, 2009 revision 048
• Initial Weekly Certified release date April 3, 2002

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.