Win32:Goner

is another mass mailing worm which is written in Visual Basic and packed with UPX. It is able to spread via email, ICQ and IRC.The worm's email message has the following characteristics:
Subject:          Hi
Attachment:       GONE.SCR
Message body:
How are you ?
When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it! 

When executed,  the worm displays the black window and sends itself to all Outlook Address Book recipients. Then it displays an error message box pointing to the error in DirectX. It also saves a copy of itself into the Windows system directory under the name GONE.SCR and adds the following registry key to the registry file:
HKLM\Software\Microsoft\Windows\Current\Version\Run

The worm also attempts to disable several antivirus packages by deleting their files on the hard disk. 

Removal:

• delete all infected files found on the disk
• remove the registry entry pointing to those files

Any avast! with VPS file dated on or after 4th December 2001 is able to detect this worm.