Kaspersky Threats

Class

Platform

Description

Technical Details

This email worm will send itself to all email address in the MS Outlook address book. The file is 1,373 bytes in size.

Installation

The worm copies itself to the current user’s start menu as “WinBoot.js”. This ensures that the worm will be launched next time the system is started:

%Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js

The worm also copies its body to the Windows system directory as “jokes.txt.js”:

%System%jokes.txt.js

Payload

The worm uses MS Outlook to send email to all address from the address book. The messages are titled “FW: jokes!” and contain the following text “These are some good party jokes”. The worm attaches a file called “jokes.txt.js” to infected messages. This attachment contains the body of the worm.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).

Delete all copies of the worm from the hard disk:

%Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js
%System%jokes.txt.js

Update your antivirus databases and perform a full scan of the computer ( download a trial version of Kaspersky Anti-Virus).

Find out the statistics of the threats spreading in your region

Class	Email-Worm
Platform	JS
Description	Technical Details This email worm will send itself to all email address in the MS Outlook address book. The file is 1,373 bytes in size. Installation The worm copies itself to the current user’s start menu as “WinBoot.js”. This ensures that the worm will be launched next time the system is started: %Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js The worm also copies its body to the Windows system directory as “jokes.txt.js”: %System%jokes.txt.js Payload The worm uses MS Outlook to send email to all address from the address book. The messages are titled “FW: jokes!” and contain the following text “These are some good party jokes”. The worm attaches a file called “jokes.txt.js” to infected messages. This attachment contains the body of the worm. Removal instructions If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program: Delete the original worm file (the location will depend on how the program originally penetrated the victim machine). Delete all copies of the worm from the hard disk: %Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js %System%jokes.txt.js Update your antivirus databases and perform a full scan of the computer ( download a trial version of Kaspersky Anti-Virus).
	Find out the statistics of the threats spreading in your region

Email-Worm.JS.Mountoni

Technical Details

Installation

Payload

Removal instructions