Technorati
Digg
Delicious
Reddit
StumbleUpon
Facebook
Yahoo
Twitter
Faves
Newsvine
- Discovered:
- January 16, 2002
- Updated:
- February 13, 2007 11:51:04 AM
- Type:
- Worm
This is a Microsoft Outlook worm with backdoor and pasword stealing features.
When this worm is executed, it does the following:
It creates the files:
- C:\Userdat.sys
- C:\System.dll
These are log files that the worm uses. It uses System.dll to log your keystrokes. This key logging feature can steal your username, password and other private, typed information.
The worm next creates the file \Windows\Winstart.bat.
It then creates copies of itself as:
- \Windows\Kernel32.ini
- \Windows\System\UserConf.exe
The worm also adds the value:
UserData C:\Windows\System\UserConf.exe
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
This will run the worm every time that you start Windows.
Antivirus Protection Dates
- Initial Rapid Release version January 17, 2002
- Latest Rapid Release version September 28, 2010 revision 054
- Initial Daily Certified version January 17, 2002
- Latest Daily Certified version September 28, 2010 revision 036
- Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Gor Nazaryan
