Win32:Goner

is another mass mailing worm which is written in Visual Basic and packed with UPX. It is able to spread via email, ICQ and IRC.The worm's email message has the following characteristics:
Subject:          Hi
Attachment:       GONE.SCR
Message body:
How are you ?
When I saw this screen saver, I immediately thought about you I am in a harry, I promise you will love it! 

When executed,  the worm displays the black window and sends itself to all Outlook Address Book recipients. Then it displays an error message box pointing to the error in DirectX. It also saves a copy of itself into the Windows system directory under the name GONE.SCR and adds the following registry key to the registry file:
HKLM\Software\Microsoft\Windows\Current\Version\Run

The worm also attempts to disable several antivirus packages by deleting their files on the hard disk. 

Removal:

  • delete all infected files found on the disk
  • remove the registry entry pointing to those files
Any avast! with VPS file dated on or after 4th December 2001 is able to detect this worm.
Viruses
Viruses in the Wild Windows viruses Older windows viruses 2002 Older windows viruses 2001 Older windows viruses 2000 Script viruses Macro viruses Virus report form Virus report summary Eicar Test File VPS history
Subscription Services
VPS (iAVS) Subscr. service
avast! Virus Cleaner
Home pageWeb site mapPrint this pagePrivacy policy
Copyright © 1988 - 2008 ALWIL Software a.s.
Home page