Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Heyy Viruses Information

Name: I-Worm.Heyy
Category: Viruses
Description: Details
I-Worm.Heyya

This is worm virus spreading being attached to Email messages, through IRC channels, infecting PE EXE files (Win32 executable files), VBS files and incorporating its copies to RAR and ARJ archives. The worm itself is Win32 executable file about 28Kb of length, and it infects Win32 machines only.
The worm has many bugs and in most of cases crash the system or corrupt files while infecting them.
Installing
When infected file is run, the worm copies itself to Windows system directory with one of the names randomly selects from following list depending on current day:
napster.exe
newbillgates.exe
HonNaCigana2.exe
FreeSoftGSM.exe
game.exe
call.exe
To access that copy later by its name the worm stores that name in Registry key:
HKLMSOFTWAREInfluenzaLab
MicrosoftOE = %wormname%
where %wormname% is the file name of worm copy (it will be used below as well).
The worm also copies itself to Windows directory with PornoChat.exe name and registers that file in Registry auto-run key:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
MicrosoftOE = %WinDir%PornoChat.exe
Updating
The worm is able to update itself. To do that it sets start page for MS Internet Explorer to "www.volny.cz/radix16/flu/update.gif". As a result on each Internet Explorer that GIF file is downloaded to affected machine. The worm then copies that file with C:updateFLU.gif name and processes it.
That can be not usual GIF image file - the worm looks for data that is attached to main GIF image data. The attached data has special format. It may contain a list of email addresses (it is stored to C:Heyya.txt file and is used later) and/or EXE file image.



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
EnolaGay.1183.
Konrad.99
Sunnyvale.228
Win32.Yerg.941
Necros.116
Mandra famil
Exploit.HTML.DialogAr
Macro.Word97.Bismar
Fair.208
I-Worm.Energy.


 

© 2006-2008 spyware32.com - Privacy Policy