I-Worm.Actem
Description I-Worm.Actem
Actem is a worm virus spreading via the Internet as an infected email attachment. The worm itself is a Windows PE EXE file about 61Kb in size, written in Visual Basic.
The infected messages body is empty.
The email Subject is:
"Try this, pretty cool"
There are two files attached to the email. One is a copy of the worm:
ActiveM.exe
While the other is a text file:
list.txt
Actem activates from the infected email only if a user clicks on the attached file. If activated the worm installs itself into the system and displays false messages.
The worm hides itself as an "Active Mouse" application and displays several false messages and menus when the infected file is run.
Actem shows this "active mouse" dialog window:
Other false messages displayed by Actem if executed:
Actem does not install itself to the system and is not active after having run - unless a user clicks on the infected attachment again.
To send out infected messages Actem uses MS Outlook to send messages to all addresses found in the Outlook address book.
Check other viruses! Be aware! Use Antiviral Software
Finnish.709
Description Finnish.709
This is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are executed or opened. It doesn't manifest itself. During infection it writes the following code to the file beginning:
LOCK MOV AX, offset Virus
JMP AX
Fire.2682
Description Fire.2682
It's a harmless memory resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed. It contains the internal text strings:
Fire walk with me.
|