Win32:Maldal-C
Win32:Maldal-C is a mass-mailing worm written in Visual Basic that arrives in an e-mail with a file attachment called christmas.exe. It uses the MS-Outlook address book to send itself to other users. The worm message has the following characteristics:
Subject: Hii
Body:
I can't describe my feelings
But all i can say is
Happy New Year :)
bye
Attachment: Christmas.exe
Besides spreading, the worm also changes the Internet Explorer startup page to the worm author's website. This HTML page contains JavaScript code that drops a VBScript virus and also installs a mIRC script. The dropped VBScript code may delete some anti-virus and security software.
When executed, the worm copies itself to the Windows directory and modifies the registry as follows:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ZaCker = %windows%\CHRISTMAS.EXE
HKLM\System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName = ZaCker
HKCU\Software\Microsoft\Internet Explorer\Main\Start page = http://geocites.com/<...>/ZaCker.htm
This means that the worm is executed on reboot, the computer name is changed to ZaCker, and Internet Explorer's Start Page is set to the above-mentioned website. The worm also carries a destructive payload that deletes files with any of the following extensions in the Windows system directory: DLL, DRV, VXD and TSP.
Any avast! installation with a VPS file dated on or after 19th December 2001 is able to detect this worm.
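As an added example (not part of the original description and not avast! code), the following Python script checks the text of a `reg export` dump for the three registry changes listed above. The function names and the sample export are constructed for illustration, and the elided part of the start-page URL is kept exactly as the description gives it.

```python
import re

# Registry keys named in the description above, lowercased for comparison.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
NAME_KEY = r"hkey_local_machine\system\currentcontrolset\control\computername\computername"
IE_KEY = r"hkey_current_user\software\microsoft\internet explorer\main"
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes inside strings
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Parse string values from decoded `reg export` text into {(key, name): data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := _VALUE.match(line)):
            values[(key, _unescape(m.group(1)).lower())] = _unescape(m.group(2))
    return values

def find_maldal_indicators(text):
    """Return the names of the documented registry changes present in text."""
    v, hits = parse_reg_export(text), []
    if v.get((RUN_KEY, "zacker"), "").lower().endswith("\\christmas.exe"):
        hits.append("run-key")
    if v.get((NAME_KEY, "computername"), "").lower() == "zacker":
        hits.append("computer-name")
    if v.get((IE_KEY, "start page"), "").lower().endswith("/zacker.htm"):
        hits.append("ie-start-page")
    return hits

# Constructed sample export of an affected machine (not a real capture).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZaCker"="C:\\WINDOWS\\CHRISTMAS.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName]
"ComputerName"="ZaCker"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://geocites.com/<...>/ZaCker.htm"
'''

if __name__ == "__main__":
    print(find_maldal_indicators(SAMPLE))
```

Export files written by `reg export` are normally UTF-16, so decode the file before passing its text to `find_maldal_indicators`.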








