1. /
  2. Security Response/
  3. W32.Vote.gen@mm

W32.Vote.gen@mm

Risk Level 2: Low

Discovered:
September 27, 2001
Updated:
February 13, 2007 11:46:51 AM
Type:
Worm
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

W32.Vote.gen@mm is a mass-mailing worm that is written in Visual Basic. When it is executed, it emails itself to all email addresses in the Microsoft Outlook address book. The worm inserts three .vbs files on the system. It also modifies the Internet Explorer home page. W32.Vote.gen@mm is a variant of W32.Vote.A@mm. The main difference is that it inserts three VBS scripts instead of two.

NOTE: Virus definitions dated September 26, 2001 or earlier may detect this as either W32.Vote.A@mm or W32.Vote.B@mm




If the Backdoor.Trojan was successfully installed on the computer, it is possible that your system has been accessed remotely by an unauthorized user. For this reason it is impossible to guarantee the integrity of a system that has had such an infection. The remote user could have made changes to the system, including but not limited to the following:
  • Stealing or changing passwords or password files
  • Installing remote-connectivity host software, also known as backdoors
  • Installing keystroke logging software
  • Configuring firewall rules
  • Stealing credit card numbers, banking information, personal data, and so on
  • Deleting or modifying files
  • Sending inappropriate or even incriminating material from a customer's email account
  • Modifying access rights on user accounts or files
  • Deleting information from log files to hide such activities

To be certain that your organization is secure, you must reinstall the operating system, restore files from a backup that was made before the infection took place, and change all passwords that may have been on the infected computers or that were accessible from it. This is the only way to ensure that your systems are safe. For more information regarding security in your organization, contact your system administrator.

Antivirus Protection Dates

  • Initial Rapid Release version September 27, 2001
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version September 27, 2001
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Moderate
  • Removal: Moderate

Damage

  • Damage Level: Medium

Distribution

  • Distribution Level: High

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver