Virus Database

I-Worm.Potar.a

Description I-Worm.Potar.a
Potar is a worm virus spreading via the Internet as an attachment to infected emails.
The worm itself is a Windows PE EXE file approx. 202KB in length when compressed by UPX, the decompressed size is approx. 500KB; it is written in Delphi.
Infected email messages have the following attributes:
From: mariya@mail.ru Subject: Masha Body:
Privet!!! Izvini chto tak dolgo ne pisala. Poteryala tvoy adres. No Irina dala mne ego. Vot Fotka, kotoru ti prosil. Gdu otveta. Tvoya Masha
Attachment: PhotoRar.exe
The worm is activated from infected emails only when a user clicks on the attached file. Once run the worm installs itself to the system and runs its spreading routine. Installing
While installing the worm copies itself to the Windows directory under the name "PhotoRar.exe" and registers this file in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun Kernell32Dll = %windir%PhotoRar.exe
The worm then displays an error message.
The 'Potar' worm also creates the "supafly.dat" file in the Windows directory and writes the following text to this file:
Salam vsem IZ AFRIKI. OSOBENNIY PRIVET GREEN13 v Bishkeke !!!
Spreading
To send out infected messages the worm uses the default SMTP server.
To get victim email addresses the 'Potar' downloads Web pages from seven different forums located at:

http://forum.rol.ru (three forums are downloaded here)
http://www.studio.by (one forum is downloaded here)
http://diesel.elcat.kg (three forums are downloaded here)

The 'Potar' worm extracts email addresses from the downloaded pages.

Check other viruses! Be aware! Use Antiviral Software

Mshark Family

Description Mshark Family

These are the harmless viruses. The write themselves to the end of the files, contain the texts:
"Mshark.373,378": (C) Mshark-S v.1.0
"Mshark.889": (C) Mshark v2.10 1992

Mshark.373,378
These are nonmemory resident viruses. They search and infect .COM files of the current directory.
Mshark.889
It is a memory resident virus. It hooks INT 21h and infects .COM and .EXE files that are executed.

Msk.272

Description Msk.272

It is a very dangerous nonmemory resident virus. It searches for all .EXE files of a current directory and overwrites them. It erases the sectors of C: disk, displays the message:
The Midnight Serial Killer is roaming in your computerallBeware! [JD]

Home

Viruses from A to Z
0-9 A B Ñ D E F G H I J
K L M N O P Q R S T
U V W X Y Z

    Copyright © 2005 Virus-Database.com
© 2005 Virus-Database.com