Trend Micro Virus Alert - WORM_XIPI.A

Discussion in 'malware problems & news' started by Randy_Bell, Aug 5, 2005.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined: May 24, 2002
    Posts: 3,004
    Location: Santa Clara, CA

    WORM_XIPI.A is a memory-resident worm that propagates by dropping copies of itself into shared folders of popular peer-to-peer (P2P) file sharing applications. It can also propagate by sending a copy of itself as an attachment to an email message, which it sends using its own Simple Mail Transfer Protocol (SMTP) engine. It may also email itself to random contacts found in the Microsoft Outlook address book. This worm is currently spreading in-the-wild and infecting systems that run on Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this worm drops a copy of itself in the Windows system folder as JXEF1104.EXE. It creates a .ZIP file in the folder where it was originally executed. The file name used for the .ZIP file is the same as the file name of the worm. The .ZIP file contains a folder, which is named after the last 3 letters of the folder that contains it (for example, if the worm is executed in the system’s Desktop, then the folder’s name is top). This folder contains a copy of the worm. Also, it creates the file JXEF_N3X763N3R47ION.TEA in the system’s root drive, which is an encrypted copy of the worm. The worm also drops files in the Windows system folder.

    This worm attempts to propagate by dropping copies of itself into known shared folders of popular peer-to-peer file sharing applications. It can also propagate by sending a copy of itself as an attachment to an email message, which it sends using its own SMTP engine. It may email itself to random contacts found in the Microsoft Outlook address book.

    The worm performs a stealth mechanism of injecting its code into EXPLORER.EXE, enabling it to run together with Windows Explorer. This allows its process to remain invisible under the Windows’ Task Manager.

    If you would like to scan your computer for WORM_XIPI.A, or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    WORM_XIPI.A is detected and cleaned by Trend Micro pattern file #2.752.05 and above.
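
The file artifacts described in the post can be checked for directly. The following is an added example, not part of the original post or Trend Micro's tooling: a Python sketch that looks for the two dropped file names and for ZIP archives whose layout matches the description. The function names, the `System32` location and the Desktop search directory are assumptions.

```python
import os
import zipfile
from pathlib import Path, PurePosixPath

# File names quoted in the alert; compared case-insensitively (Windows paths).
SYSTEM_DROP = "JXEF1104.EXE"             # Windows system folder
ROOT_DROP = "JXEF_N3X763N3R47ION.TEA"    # root of the system drive

def zip_matches_pattern(zip_path):
    """True if every file in the ZIP sits under one top-level folder named
    after the last 3 letters of the directory holding the ZIP (Desktop -> top)."""
    zip_path = Path(zip_path).resolve()
    expected = zip_path.parent.name[-3:].lower()
    if len(expected) < 3:
        return False
    try:
        with zipfile.ZipFile(zip_path) as zf:
            files = [n for n in zf.namelist() if not n.endswith("/")]
    except (zipfile.BadZipFile, OSError):
        return False                      # unreadable or not really a ZIP
    parts = [PurePosixPath(n.replace("\\", "/")).parts for n in files]
    return bool(parts) and all(
        len(p) >= 2 and p[0].lower() == expected for p in parts)

def scan(system_dir, root_dir, search_dirs):
    """Return (kind, path) findings to review; a heuristic, not a verdict."""
    findings = []
    for folder, name in ((system_dir, SYSTEM_DROP), (root_dir, ROOT_DROP)):
        folder = Path(folder)
        if folder.is_dir():
            findings += [("dropped-file", str(e)) for e in folder.iterdir()
                         if e.name.upper() == name]
    for top in search_dirs:
        for f in Path(top).rglob("*"):
            if f.suffix.lower() == ".zip" and f.is_file() and zip_matches_pattern(f):
                findings.append(("zip-layout", str(f)))
    return findings

if __name__ == "__main__":
    # Assumed locations for a default Windows install; adjust as needed.
    win = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    drive = Path(os.environ.get("SystemDrive", "C:") + "\\")
    for kind, path in scan(win / "System32", drive, [Path.home() / "Desktop"]):
        print(kind, path)
```

A `zip-layout` hit only means the archive has the folder structure the alert describes; legitimate archives can match by coincidence, so treat hits as candidates for an antivirus scan.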
     