Click anywhere to stop


Detect Date 11/07/2005
Class Email-Worm
Platform Win32

The worm contains a list of URLs, which will be checked for the presence of files:******************************************************************************************************************************************************************************************

If a file is found at any of these addresses, it will be downloaded to the victim machine:


The file will then be launched for execution.

For example

  1. Reboot your machine in Safe Mode – Press and hold F8 while the machine is rebooting and choose Safe Mode from the menu when it appears.
  2. Delete the following files from Windows system folder:
  3. wingo.exe
  4. Delete the following key from the Windows System Registry:
  5. [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
  6. Reboot the computer and make sure that you have removed all infected emails from all folders in your email client.
Find out the statistics of the threats spreading in your region