1. Symantec/
  2. Security Response/
  3. Worm.ExploreZip


Risk Level 1: Very Low

June 6, 1999
May 1, 2007 10:34:31 AM
Also Known As:
I-Worm.ZippedFiles [Kaspersky], Win32/ExploreZip.Worm [Computer Associates], W32/ExploreZip@MM [McAfee]
Infection Length:
210,432 bytes
Systems Affected:
Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000
Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes Microsoft Outlook, Outlook Express, or Exchange to mail itself out by replying to unread messages in your Inbox. The email attachment is Zipped_files.exe.

The worm also searches mapped drives and networked computers for Windows installations. If found, it copies itself to the \Windows folder of the remote computer and then modifies the Win.ini file of the infected computer.

On January 8, 2003, Security Response discovered a packed variant of this threat which exhibits the same characteristics. Protection will be available for this new variant in virus definitions dated 1/8/2003 with a version number of 50108q (20030108.017) or greater.

Antivirus Protection Dates

  • Initial Rapid Release version June 9, 1999
  • Latest Rapid Release version May 9, 2011 revision 040
  • Initial Daily Certified version June 9, 1999
  • Latest Daily Certified version May 10, 2011 revision 003
  • Initial Weekly Certified release date June 9, 1999
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Eric Chien

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube