Click anywhere to stop


Class Email-Worm
Platform JS

Technical Details

This email worm will send itself to all email address in the MS Outlook address book. The file is 1,373 bytes in size.


The worm copies itself to the current user’s start menu as “WinBoot.js”. This ensures that the worm will be launched next time the system is started:

%Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js

The worm also copies its body to the Windows system directory as “jokes.txt.js”:



The worm uses MS Outlook to send email to all address from the address book. The messages are titled “FW: jokes!” and contain the following text “These are some good party jokes”. The worm attaches a file called “jokes.txt.js” to infected messages. This attachment contains the body of the worm.

Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete all copies of the worm from the hard disk:
    %Documents and Settings%%Current User%Start MenuProgramsStartupWinBoot.js
  3. Update your antivirus databases and perform a full scan of the computer ( download a trial version of Kaspersky Anti-Virus).
Find out the statistics of the threats spreading in your region