Virus Database

I-Worm.GOPWorm

Description I-Worm.GOPWorm

This is a virus-worm that spreads via the Internet attached to infected e-mails and through a local network by copying to shared drives. The worm itself is a Windows PE EXE file about 60Kb in length (compressed by UPX), and it is written in Delphi Microsoft Visual C++.
The worm is an improved variant of the PSW Trojan {"GOPtrojan":Trojan_PSW_GOPtrojan}.
The infected message's Subject and Body are in Chinese. The attached file name is different, and has a double extension:
filename.jpg.exe
filename.jpeg.exe
filename.gif.exe
filename.txt.exe
filename.doc.exe
filename.rtf.exe
filename.bmp.exe

To run from an infected message, the worm uses an IFrame security breach.
While installing, the worm uses the same method as "GOPtrojan", the additional feature is an affected Registry key:
HKCRexefileshellopencommand
To send infected messages, the worm uses direct access to an SMTP server. The worm obtains victim e-mail addresses by scanning *.HTML, *.HTM, and *.JS files, as well as by scanning TheBat, Aerofox and RimArts e-mail databases.

Check other viruses! Be aware! Use Antiviral Software

Msk.272

Description Msk.272

It is a very dangerous nonmemory resident virus. It searches for all .EXE files of a current directory and overwrites them. It erases the sectors of C: disk, displays the message:
The Midnight Serial Killer is roaming in your computerallBeware! [JD]

MSN-Worm.Jitux

Description MSN-Worm.Jitux
Jitux is an Internet worm that spreads via the MSN Messenger system. It is written in Visual Basic and its' size is about 24KB.
The worm sends messages with the URL of the downloadable version of the worm.
Once the worm is launched, it scans the victim MSN Messenger contact list and sends all contacts the following message:
http://www.home.no/[censored]/jituxramon.exe
Jitux repeats this process over set intervals (about 1 minute).

Home