WORM_PLEXUS.C is a recently discovered worm that uses its own SMTP engine to send copies of itself via email. Emails appear with subject headers like: "Order" or "Good Offer". Messages appear to be from a familiar person. Examples of messages: "Look at my new screensaver. I hope you will enjoy" "In this archive you can find all those things, you asked me" The message comes with an .EXE attachment. Once executed, WORM_PLEXUS.C drops several copies of itself onto the infected system and creates Windows registry entries to automatically execute at each system startup. To propagate, WORM_PLEXUS.C looks for files with the following extension names to retrieve email addresses and domain names: HTM, HTML, PHP, TBB, TXT. This worm can also drop copies of itself in the Kazaa (peer-to-peer network) shared folder, and propagate through network shares with full access rights. This worm's code also contains the following text: "KAV I'm Expletus !!!, Made in China" This worm is currently in-the-wild and affects Windows 95, 98, ME, NT, 2000, and XP operating systems. If you would like to scan your computer for WORM_PLEXUS.C or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com WORM_PLEXUS.C is detected and cleaned by Trend Micro pattern file #902 and above.