Discovered: September 1, 2002
Updated: February 13, 2007 11:51:38 AM
Type: Worm, Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Nohoper.7397 is a virus that can infect Portable Executable (PE) files in the C:\%system% folder. It is also a mass-mailing worm that uses Microsoft Outlook to send an infected file to all contacts in the Microsoft Outlook Address Book. The worm may also spread through mIRC. The email message has the following characteristics:
Subject: Some freeporn
Message: Here is the file you asked for...
Attachment: Freeporn.exe.pif
What are Portable Executable (PE) files?
PE files are files that are portable across all Microsoft 32-bit operating systems. The same PE-format executable can be executed on any version of Windows 95, 98, Me, NT, 2000 and XP. Therefore, all PE files are executable, but not all executable files are portable.
A good example of a Portable Executable is a screen saver (.scr) file.
Protection
-
Initial Rapid Release version September 3, 2002
-
Latest Rapid Release version August 20, 2008 revision 017
-
Initial Daily Certified version September 3, 2002
-
Latest Daily Certified version January 20, 2009 revision 048
-
Initial Weekly Certified release date September 4, 2002
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Yana Liu
Technorati
Digg
Delicious
Reddit
StumbleUpon
Yahoo Buzz
Twitter
Facebook
Newsvine
