Panda Virus Encyclopedia - ExplorezipN

Common name: ExplorezipN
Technical name: W32/ExploreZip.N
Threat level: Very low
Type: Worm
Effects: It modifies files with DOC, XLS, CPP, C, H and ASM extensions, rendering them useless.
Systems affected: Windows XP/2000 Pro/NT/Me/98/95
First appeared on: Jan. 08, 2003
In circulation? No

Brief Description

ExploreZip.N is a worm that reaches computers in an e-mail message with the following attachment: ZIPPED_FILES.EXE.

It mails itself out to all the entries found in Outlook's Address Book. To do this, it attaches itself to all the messages marked as unread in the Inbox, and proceeds to send reply messages to all of them.

The effects of ExploreZip.N consist of changing certain files, truncating them to 0 Bytes. Affected files will have the following extensions: DOC, XLS, CPP, C, H and ASM.

Visible Symptoms

ExploreZip.N reaches computers in an e-mail message with the following characteristics:

Message: Hi ! I recevied your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Sincerely. Goat
Attachments: ZIPPED_FILES.EXE

When it carries out its infection, ExploreZip.N displays the following image on the screen:

http://www.pandasoftware.com/img/enc/ExploreZip_img1.GIF

Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help

Effects

The main effect of the ExploreZip.N worm consists of deleting the contents of files with the following extensions: DOC, XLS, C, CPP, H and ASM.

Means of infection

In order to carry out its infection, ExploreZip.N creates the following files in the Windows system directory:

EXPLORE in the Windows system folder.
_SETUP.EXE in the Windows folder.

Then, it modifies the WIN.INI file in order to load itself at startup.

ExploreZip.N creates the following entry in the Windows Registry:

HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows
with the value "run c:\winnt\system32\Explore.exe"

This Registry key will only be modified on Windows NT systems.

In addition, in Windows 98/95 the worm uses some specific techniques to make it more difficult to disinfect.

Means of transmission

ExploreZip.N spreads rapidly, using e-mail as follows:

It reaches computers in a message with the following characteristics:

Subject: It varies on each occasion.
Message: Hi ! I recevied your email and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Sincerely. Goat
Attachments: ZIPPED_FILES.EXE

When the attachment is run, it creates a new e-mail reply message for each of the unread messages found in the Inbox. This is the reason why the sender and subject of the messages will be different on each occasion.

In addition, if ExploreZip.N is run on systems connected to a network, the worm takes advantage of this to spread to other computers connected to it.

Other Details

ExploreZip.N (91,048 Bytes) is compressed with UPX.

Is my computer infected by ExplorezipN?

In order to make absolutely sure that ExploreZip.N has not infected your computer, you have the following options:

A. Carry out a full scan of your computer using Panda Antivirus, after checking that it is updated. If it isn't and you are a registered Panda Software client, update it by clicking here.
B. Check the computer with Panda ActiveScan, Panda Software's free, online scanner, which will quickly detect any possible viruses.

How to remove ExplorezipN

If your Panda antivirus or Panda ActiveScan detects ExploreZip.N during the scan, it will automatically offer you the option of deleting it. Do this by following the program's instructions.

Additional notes:

It is particularly important to scan all e-mail folders and all files received.
If your computer has Windows Millennium or Windows XP installed, click here to permanently remove all trace of the virus.

How to protect your computer from ExplorezipN

In order to keep your computer protected, bear the following tips in mind:

Install a good antivirus in your computer. Click here to get the Panda antivirus solution that best suits your needs.
Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
Keep your permanent antivirus protection enabled at all times.

For more detailed information about how to protect your computer against viruses, click here.
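
A check for the startup entries described under "Means of infection", as an added example that is not part of the original entry or any Panda tool. It assumes the worm's WIN.INI change uses the standard run= or load= keys of the [windows] section (the entry does not say which), and the sample file contents are constructed.

```python
import ntpath
import re

# File names from the entry above (EXPLORE, Explore.exe, _SETUP.EXE).
# Matching on the bare stem is an assumption made for this example.
SUSPECT_STEMS = {"explore", "_setup"}
STARTUP_KEYS = {"run", "load"}  # assumed: standard [windows] startup keys


def suspect_programs(command_list):
    """Return the programs in a run/load value whose stem matches the worm's."""
    hits = []
    for item in re.split(r"[,\s]+", command_list.strip()):
        stem = ntpath.splitext(ntpath.basename(item))[0].lower()
        if stem in SUSPECT_STEMS:  # exact match, so explorer.exe is not flagged
            hits.append(item)
    return hits


def scan_win_ini(text):
    """Return (line_number, key, program) for suspect [windows] startup entries."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in STARTUP_KEYS:
            findings += [(lineno, key, p) for p in suspect_programs(value)]
    return findings


# Constructed sample, not taken from an infected machine.
SAMPLE_WIN_INI = r"""
[windows]
load=C:\WINDOWS\explorer.exe
run=C:\WINDOWS\SYSTEM\Explore.exe
NullPort=None

[Desktop]
run=C:\WINDOWS\_setup.exe
"""

if __name__ == "__main__":
    for lineno, key, program in scan_win_ini(SAMPLE_WIN_INI):
        print(f"WIN.INI line {lineno}: {key}= starts {program}")
```

The same suspect_programs() function can be applied to the text the entry gives for the Windows NT Registry value.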