Trend Micro Virus Alert: WORM_FRONTOKBRO.A

WORM_FRONTOKBRO.A is a destructive, memory-resident worm that propagates by sending a copy of itself as an attachment to email messages. The email message has a blank subject line, and the attachment Kangen.exe, which is a copy of the worm. This copy of the worm uses the Microsoft folder icon to trick users into opening it. Upon execution, it opens a Windows Explorer window in an attempt to hide its process. It then drops several copies of itself in different folders using varying file names. This worm is currently spreading in-the-wild and infecting computers running Windows 95, 98, ME, NT, 2000, XP, and Server 2003.

On computers running Windows NT, 2000, XP and Server 2003, it drops copies of itself and creates a folder in a hardcoded path under the User Profile folder.

This worm may restart the affected system when it finds a window with ".EXE" and "REGISTRY" in the title bar. It overwrites the file AUTOEXEC.BAT, which is found in C:\. This causes affected systems running on Windows 95, 98, and ME to pause during startup. The user is then required to press any key for Windows to start.

It also modifies a specific registry entry, effectively removing the Folder Options item from all Windows Explorer menus and from Control Panel. As a result, affected users cannot use the Folder Options dialog box.

If you would like to scan your computer for WORM_FRONTOKBRO.A, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/.