Detect Date 11/07/2005
Class Email-Worm
Platform Win32

The worm contains a list of URLs, which will be checked for the presence of files:******************************************************************************************************************************************************************************************

If a file is found at any of these addresses, it will be downloaded to the victim machine:


The file will then be launched for execution.

For example

  1. Reboot your machine in Safe Mode – Press and hold F8 while the machine is rebooting and choose Safe Mode from the menu when it appears.
  2. Delete the following files from Windows system folder:
  3. wingo.exe
  4. Delete the following key from the Windows System Registry:
  5. [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
  6. Reboot the computer and make sure that you have removed all infected emails from all folders in your email client.