© 1998 Symantec Corporation. All rights reserved.
Worm.ExploreZip
Description: Worm.ExploreZip is a worm that contains a malicious payload. The worm utilizes MAPI commands and Microsoft Outlook on Windows systems to propagate itself. The worm was first discovered in Israel and submitted to the Symantec AntiVirus Research Center on June 6, 1999.
The worm e-mails itself out as an attachment with the filename "zipped_files.exe". The body of the e-mail message may appear to come from a known e-mail correspondent and contains the following text:
Hi Recipient Name!
The worm determines whom to mail this message to by going through the received messages in your Inbox. Once the attachment is executed, it may display the following window:
The worm proceeds to copy itself to the c:\windows\system directory with the filename "Explore.exe" and then modifies the WIN.INI file so that the program is executed each time Windows is started. The worm then utilizes your e-mail client to harvest e-mail addresses in order to propagate itself. You may notice your e-mail client start when this occurs.
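A check for the startup change described above, as an added example that is not part of the original Symantec write-up: it reads WIN.INI contents and reports startup entries that launch a file named Explore.exe. The write-up does not say which WIN.INI entry is changed; the example assumes the run= and load= entries of the [windows] section, and the function names and sample file are constructed for illustration.

```python
import ntpath
import re

# Assumption: the advisory does not name the WIN.INI entry it changes. The
# entries that start programs at Windows startup are run= and load= in [windows].
STARTUP_KEYS = {"run", "load"}
WORM_BASENAME = "explore.exe"   # file name given in the advisory


def startup_programs(win_ini_text):
    """Return (key, program) pairs from run=/load= in the [windows] section."""
    found, section = [], None
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in STARTUP_KEYS:
            # Several programs may be listed, separated by spaces or commas.
            for prog in re.split(r"[,\s]+", value.strip()):
                if prog:
                    found.append((key, prog))
    return found


def suspicious_entries(win_ini_text):
    """Flag startup entries whose file name is exactly Explore.exe.

    Comparison is on the base name, case-insensitively, so the legitimate
    Windows shell Explorer.exe is not reported.
    """
    return [(k, p) for k, p in startup_programs(win_ini_text)
            if ntpath.basename(p).lower() == WORM_BASENAME]


# Constructed sample WIN.INI contents (not taken from a real infected system).
SAMPLE = """[windows]
load=C:\\WINDOWS\\Explorer.exe
run=C:\\WINDOWS\\SYSTEM\\Explore.exe, c:\\tools\\clock.exe
[Desktop]
run=C:\\WINDOWS\\SYSTEM\\Explore.exe
"""

if __name__ == "__main__":
    for key, prog in suspicious_entries(SAMPLE):
        print(f"suspicious WIN.INI entry: {key}={prog}")
```

The same name appearing under a section other than [windows] is ignored, since only that section's run= and load= entries are assumed to start programs.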
In addition, when Worm.ExploreZip is executed, it also searches through the C through Z drives of your computer system and selects a series of files of any file extension to destroy by making them 0 bytes long. This can result in non-recoverable data and/or a non-recoverable computer system.
To remove this worm, one should perform the following steps:
Norton AntiVirus users can protect themselves from this worm by downloading the current virus definitions either through LiveUpdate or from the following webpage: http://www.symantec.com/avcenter/download.html
Write-up by: Eric Chien