W32.Vote - Destructive Worm

(OP)
This potentially destructive worm arrives with the subject "Fwd: Peace BeTween AmeriCa And IsLam !", the message body of "Hi! iS iT A waR Against AmeriCa Or IsLam! Let's Vote To Live in Peace!", and an attachment named WTC.EXE. If executed, the attachment attempts to mail itself to every address in Outlook, creates and saves two VBS programs, and sets the homepage to us.f1.yahoofs.com, which then downloads a password-stealing trojan named Troj/Barrio.

One VBS will attempt to overwrite all .HTM and .HTML files with "AmeRiCa...Few Days WiLL Show You What We Can Do !!! It's Out Turn >>> ZaCkEr is So Sorry For You", attempt to delete common antivirus directories, and change the registry to enable the script to be run at bootup.

The other VBS will attempt to delete all files in the Windows directory and add "echo y | format C:" to the autoexec.bat file. This may cause the hard drive to be reformatted at the next boot.

Several AV vendors have put out identities for the worm and the trojan horse. For more info see: www.zdnet.com/zdnn/stories/news/0,4586,5097375,00.html and news.cnet.com/news/0-1003-200-7285953.html?tag=dd.ne.dtx.nl-hed.0 as well as your AV vendor for more details.

James P. Cottingham

I am the Unknown led by the Unknowing.
I have done so much with so little
for so long that I am now qualified
to do anything with nothing.

RE: W32.Vote - Destructive Worm

James,

Norton covers this virus in its definitions as of yesterday. Anyone running detection software on their mail servers that bins vbs attachments will be covered anyway.

It is not a pretty virus as it deletes a file then tries to call it.

Hmm. Microsoft programmer at work?

Nick
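
The mail-server attachment filtering mentioned in the reply, combined with the subject and attachment name given in the original post, can be sketched as follows. This is an added example, not code from the thread or from any AV product; the function names, the blocked-extension list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators quoted in the original post; the extension list is an assumption.
SUBJECT_IOC = "peace between america and islam"
ATTACHMENT_IOC = "wtc.exe"
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr", ".pif", ".bat", ".com"}

def inspect_message(raw):
    """Return the reasons to quarantine a raw message (empty list = deliver)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    # Normalise case and whitespace: the worm's subject uses mixed case.
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    if SUBJECT_IOC in subject:
        reasons.append("subject matches W32.Vote")
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 / encoded-word names
        if not name:
            continue
        # Windows drops trailing dots and spaces when the file is saved.
        name = name.strip().rstrip(". ").lower()
        if name == ATTACHMENT_IOC:
            reasons.append("attachment name matches W32.Vote")
        # Only the final extension decides how the file is opened,
        # so "photo.jpg.vbs" is still a script.
        dot = name.rfind(".")
        if dot != -1 and name[dot:] in BLOCKED_EXTENSIONS:
            reasons.append("blocked attachment type " + name[dot:])
    return reasons

def build_sample(subject, filename):
    """Build a constructed test message with one harmless attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for subj, fname in [("Fwd: Peace BeTween AmeriCa And IsLam !", "WTC.EXE"),
                        ("Holiday photos", "photo.jpg.vbs"),
                        ("Minutes", "minutes.txt")]:
        print(fname, "->", inspect_message(build_sample(subj, fname)))
```

Matching on the extension rather than only on the known subject and file name keeps the filter useful against renamed copies, which signature-by-name checks miss.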
