Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
I-Worm.Prolin (a.k.a. Creative Viruses Information

Name: I-Worm.Prolin (a.k.a. Creative
Category: Viruses
Description: Details
I-Worm.Prolin (a.k.a. Creative)

This is a virus-worm that spreads via the Internet by using MS Outlook. The worm itself is a Windows EXE file about 37Kb in length, and written in VisualBasic. The worm uses a standard MW97_Melissa-like way of spreading: it opens the MS Outlook address book, obtains addresses from there, and sends its copies to these addresses. The message reads as follows:
Subject: A great Shockwave flash movie
Message text:
Check out this new flash movie that I downloaded just now all It's Great
Bye
Attach name: creative.exe

The worm then sends a "notification" message to its author and informs him about the next infected computer:
To: z14xym432@yahoo.com
Subject: Job complete
Message text: Got yet another idiot

The worm also creates its copies on the C: disk with the following names:
C:creative.exe
C:WINDOWSStart MenuProgramsStartUpcreative.exe
The second copy is placed in the auto-run directory so it will be activated upon each Windows restart.
The worm has a dangerous payload. It scans all disk drives, obtains ZIP, MP3, and JPG files, and renames them to C: drive with the following name:
C:%victimfile%change atleast now to LINUX
for example, BGAMEX.JPG and DATA.ZIP are moved to:
C:BGAMEX.JPGchange atleast now to LINUX
C:DATA.ZIPchange atleast now to LINUX
The worm also creates the text file "c:messageforu.txt", writes the text there and adds list of removed files, such as the following:
Hi, guess you have got the message. I have kept a list of files that I
have infected under this. If you are smart enough just reverse back the
process. i could have done far better damage, i could have even
completely wiped your harddisk. Remember this is a warning & get it sound
and clear... - The Penguin
C:WINDOWSSYSTEMOOBEIMAGEXBGAMEX.JPG
C:BACKUPDATA.ZIP



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Peasant.124
I-Worm.3DStar
BeastVir.66
Win95.Spawn.4096.
Win95.Tecata.176
FOG.AirRaid.173
Rikki famil
NMSG.21
MzBoot.46
Einvolk Famil


 

© 2006-2008 spyware32.com - Privacy Policy