Virus Database

I-Worm.GOPWorm

Description I-Worm.GOPWorm

This is a virus-worm that spreads via the Internet attached to infected e-mails and through a local network by copying to shared drives. The worm itself is a Windows PE EXE file about 60Kb in length (compressed by UPX), and it is written in Delphi Microsoft Visual C++.
The worm is an improved variant of the PSW Trojan {"GOPtrojan":Trojan_PSW_GOPtrojan}.
The infected message's Subject and Body are in Chinese. The attached file name is different, and has a double extension:
filename.jpg.exe
filename.jpeg.exe
filename.gif.exe
filename.txt.exe
filename.doc.exe
filename.rtf.exe
filename.bmp.exe

To run from an infected message, the worm uses an IFrame security breach.
While installing, the worm uses the same method as "GOPtrojan", the additional feature is an affected Registry key:
HKCRexefileshellopencommand
To send infected messages, the worm uses direct access to an SMTP server. The worm obtains victim e-mail addresses by scanning *.HTML, *.HTM, and *.JS files, as well as by scanning TheBat, Aerofox and RimArts e-mail databases.

Check other viruses! Be aware! Use Antiviral Software

HNY.690

Description HNY.690

It is not a dangerous nonmemory resident parasitic virus. It searches for EXE files, then writes itself to the beginning of the file. The original host file header is encrypted and saved to the file end. To return control to the host program the virus disinfects and executes it. Depending on files that are infected the virus decrypts and displays the message:
Happy New Year!

HNYS.770

Description HNYS.770

It is not a dangerous memory resident encrypted parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed. From 1st till 7th of January the virus displays the message:
HAPPY NEW YEAR,SLOVAKIA

Home