1. Symantec/
  2. Security Response/
  3. W32.Friendgreet.worm

W32.Friendgreet.worm

Risk Level 1: Very Low

Discovered:
October 25, 2002
Updated:
February 13, 2007 11:41:02 AM
Also Known As:
Friendgreetings, WORM_FRIENDGRT.A [Trend], WORM_FRIENDGRT.B [Trend], Friend Greeting application [M, Friend Greeting application (I
Systems Affected:
Windows

In October 2002, an electronic greeting card (e-card) that appeared to have the characteristics of a worm, was sent to thousands of email addresses.

Based on requests from Symantec's corporate customers, Security Response provided definitions that detect and block this program.

The installation of software associated with the e-card requires your permission for it to perform its mass-mailing functions. If you cancel the installation of the software, worm-like activities will not be performed.

As of January 2004, the original Web site, www.friendgreetings.com, to which the e-card is linked appears to be unavailable.




The following Web sites have been reported to host the installation package for W32.Friendgreet.worm. Security Response has not confirmed this. Also, other similarly named sites may exist.
    • www.friendcard.com
    • www.friendcard.net
    • www.friendcards.com
    • www.friendcards.net
    • www.friend-card.com
    • www.friend-card.net
    • www.friend-cards.com
    • www.friend-cards.net
    • www.cool-download.com
    • www.cool-download.net
    • www.cool-downloads.com
    • www.cool-downloads.net
    • www.friend-greet.com
    • www.friend-greeting.com
    • www.friend-greeting.net
    • www.friend-greetings.com
    • www.friend-greetings.net
    • www.laugh-mail.com
    • www.hkg3.com
    • surprisecard.net
    • surprisecards.net
    • surprise-card.net
    • surprise-cards.net
    • surprisegreeting.net
    • surprisegreetings.net
    • surprise-greeting.net
    • surprise-greetings.net
    • net2.net-downloads.com
    • net3.net-downloads.com
    • pv1.us-downloads.com
    • 64.191.7.4
    • 65.240.226.240
    • 65.240.226.241
    • 65.240.226.242
    • 207.21.232.104

System Restore option in Windows Me/XP
If your Symantec antivirus product continues to detect this threat in the Windows Me and Windows XP System Restore folders, temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. When a computer is infected with a virus, worm, or Trojan, it is possible that the virus, worm, or Trojan could be backed up by System Restore. By default, Windows prevents System Restore from being modified by outside programs. As a result, there is the possibility that you could accidentally restore an infected file, or that online scanners would detect the threat in that location. For instructions on how to turn off System Restore, read your Windows documentation or one of the following articles:
For additional information and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article Anti-Virus Tools Cannot Clean Infected Files in the _Restore Folder, Article ID: Q263455.

Antivirus Protection Dates

  • Initial Rapid Release version October 28, 2002
  • Latest Rapid Release version August 8, 2016 revision 023
  • Initial Daily Certified version October 28, 2002
  • Latest Daily Certified version August 9, 2016 revision 001
  • Initial Weekly Certified release date October 28, 2002
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube