Class Trojan
Platform VBS

Technical Details

Carewmr is a dangerous trojan program written in the VBS language. It deletes the contents of the “C:Windows” directory.

When the trojan program is executed, it shows the following messages:

“Welcome to CLRAV of Kasperskys, press OK or Accept to Start scanning your computer.”

“ERROR!, Code error:3212552, please execute this tool in MS-DOS.”

“Thank You for prefer Kasperskys Products”

“Carewmr” then opens the “http:\” site in the default Internet browser.

On September 1st the trojan program displays the message:

“Mr.Carew vuelve otra vez!!, jaja”

It also removes the following registry keys:

“HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunZoneAlarm Pro”

“Carewmr” then creates several files and directories, as listed below.

Files created:


“C:Windows is a real virus?”
“C:Windows 95”

Directories created:


Next the trojan creates a text file named CLRAV_Report.log that has the following contents:

“Due an error, Code error:3212552, CLRAV has not disinfect your computer”
“For Support please send a e-mail to and please indicate the Code Error.”

Currently, this trojan program is reported to be “in the wild”.

Find out the statistics of the threats spreading in your region