W32/Enemany-B

Discussion in 'malware problems & news' started by FanJ, Jun 5, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Enemany-B
    Aliases: W32/Enemany.B@MM, WORM_ENEMANY.B, Win32.Enemany.B,
    I-Worm.Alcaul.r
    Type: Win32 worm
    Date: 5 June 2002

    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    Description:

    W32/Enemany-B is a Win32 worm that emails itself to everyone in
    your Microsoft Outlook address book. The email will have the
    following characteristics:

    Subject line: Edonkey Update
    Message text: Edonkey User, this is the Update tool, to fix our
    Edonkey Client to 35.16.61
    Attached file: Esel_Update.Exe

    When first run the worm copies itself to the Windows folder as
    Esel_Update.Exe and to the Windows System folder as Edonkey.scr.


    The worm creates the following registry entry so that it is run
    automatically each time you restart the computer:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\(Default)
    = C:\WINDOWS\Esel_Update.EXE


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/w32enemanyb.html
     
    FanJ, Jun 5, 2002
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...