|
|
W95/Creative.A@MM Worm Information
Name: W95/Creative.A@MM
Aliases: Shockwave, W32/Prolin@mm, Troj_Shockwave.A, Troj_Prolin.A
Type: Internet worm
Description:
W95/Creative is a worm that that arrives as an email with an attachment named CREATIVE.EXE. The subject line will be: "A great Shockwave flash movie", and the body of the message is "Check out this new flash movie that I downloaded just now � It's Great, Bye". When executed, Creative will send itself to all email addresses listed in Microsoft Outlook. It also sends a second email to the email address "[email protected]", possibly the creator of the virus, that has the subject line: "Job Complete" and the message: "Got yet another idiot".
The worm will then move all files with the extensions ZIP, MP3, and JPG onto the C drive, where it will add the following to the extension: "change at least now to LINUX" (for example, "products.ZIP" would become "products.ZIPchange at least now to LINUX").
When the worm infects a system, it installs itself in the following two places:
C:\creative.exe
C:\Windows\Start Menu\Programs\StartUp\creative.exe
The copy in the StartUp folder will be launched every time Windows is started.
Detection:
Command AntiVirus version 4.58.3 or higher with definition files dated 12/1/2000 or later detects the worm.
NOTE: If you are already a Command customer we recommend that you
update to the current version (full build 4.59.6 or higher) immediately (Note: This upgrade only affects Windows 9x, Windows NT and Windows 2000 versions):
IMPORTANT: The Definition Files (dated 12/01/00) that provide the information needed to detect this virus can be updated by clicking here.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Home � Purchase Center � Virus Center � Support Center
|
|
|
