Virus Encyclopedia
Worm/Generic.FX!CME-24
CME-24
This worm spreads as an e-mail attachment and via P2P networks.
Installation:
When the worm is launched, it copies itself as scanregw.exe, Net.exe and at.exe into the Windows System folder and as Rundll16.exe into the Windows folder. It then registers the file scanregw.exe as ScanRegistry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the Windows Registry.
Spreading: e-mail
The worm spreads by sending itself to e-mail addresses taken from files with the HTM, DBX, EML, MSG, OFT, NWS, VCF, MBX, IMH, TXT and MSF extensions.
The message format is as follows:
The sender address is faked.
The subject and message body are generated from texts inside the virus body.
Attachment:
The attachment name is variable, with a pif extension, or with scr in the case of a hidden extension.
Spreading: networks
The worm searches for shared folders and copies itself to them using random names.
Payload:
The virus terminates several running processes.
On the 3rd day of every month, the virus overwrites files with the doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp extensions.
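
A triage check for the artifacts listed under Installation, as an added example that is not part of the original entry: it parses `reg query` output for the Run key together with a file listing, treating ScanRegistry as the Run value name. The function names, the sample data and the mapping of "System folder" to System or System32 are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the Installation paragraph (compared case-insensitively).
RUN_VALUE, RUN_TARGET = "scanregistry", "scanregw.exe"
DROPPED = {"system": {"scanregw.exe", "net.exe", "at.exe"},
           "windows": {"rundll16.exe"}}
# Windows ships its own net.exe and at.exe, so a name match needs a hash check.
STOCK_NAMES = {"net.exe", "at.exe"}

def parse_reg_query(text):
    """Turn `reg query <key>` output into {value_name_lower: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def find_indicators(reg_text, file_paths, windir=r"C:\Windows"):
    """Return (kind, detail, verdict) tuples for artifacts matching the entry."""
    findings = []
    data = parse_reg_query(reg_text).get(RUN_VALUE)
    if data is not None and RUN_TARGET in data.lower():
        findings.append(("run-key", data, "suspicious"))
    win = PureWindowsPath(windir)
    for raw in file_paths:
        p = PureWindowsPath(raw)
        if p.parent == win:
            folder = "windows"
        # Assumption: "System folder" means System (Win9x) or System32 (NT).
        elif p.parent.parent == win and p.parent.name.lower() in ("system", "system32"):
            folder = "system"
        else:
            continue
        name = p.name.lower()
        if name in DROPPED[folder]:
            verdict = "verify-hash" if name in STOCK_NAMES else "suspicious"
            findings.append(("file", raw, verdict))
    return findings

# Constructed triage data, not taken from a real host.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ScanRegistry    REG_SZ    C:\WINDOWS\system32\scanregw.exe
    Updater    REG_SZ    C:\Program Files\Example\updater.exe
"""
SAMPLE_FILES = [r"C:\WINDOWS\Rundll16.exe", r"C:\WINDOWS\system32\net.exe",
                r"C:\WINDOWS\system32\rundll32.exe", r"C:\Users\a\Desktop\at.exe"]
```

A "verify-hash" verdict means the file name alone is inconclusive and the file should be compared against a known-good copy before any action is taken.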


