Trend Micro Virus Alert - WORM_HARWIG.B

WORM_HARWIG.B is a non-destructive, memory-resident worm that propagates via MSN Messenger. It sends a message to all available online contacts, with a message containing a link that points to a copy of the worm. This worm is currently spreading in-the-wild and infecting systems that run Windows 95, 98, ME, 2000, and XP.

Upon execution, this worm drops a temporary copy of itself in the root folder, checks for the existence of MSN Messenger. If found, it executes the application and attempts to log on as the default user or current user. Upon successful login, it sends a message containing a link that points to a copy of the worm.

If MSN Messenger is not present on a system, the worm copies itself in the Windows folder with the file name ABCDEFG.EXE.

It adds a registry entry that allows it to automatically execute at every Windows system startup, and drops an Internet Relay Chat (IRC) BOT file named PROXY.EXE in the Windows system folder.

If you would like to scan your computer for WORM_HARWIG.B, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

WORM_HARWIG.B is detected and cleaned by Trend Micro pattern file #2.684.05 and above