Virus Encyclopedia

Worm/Generic.FX!CME-24

CME-24

This worm spreads by emails as a message attachment and via P2P networks.

Installation:
When the worm is launched it copies itself as scanregw.exe, Net.exe and at.exe into Windows System folder and as Rundll16.exe into Windows folder and registers file scanregw.exe as ScanRegistry in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in Windows Registry.

Spreading: e-mail
Worm spreads by sending itself to e-mail addresses that are taken from files with HTM, DBX, EML, MSG, OFT, NWS, VCF, MBX, IMH, TXT and MSF extension.

Message format is as following:
Sender address is faked

Subject and message body are generated from the texts inside virus body.

Attachment:
Attachment name is variable with pif extension or with scr in case of hidden extension.

Spreading: networks
Worm searches for shared folders and copies itself to them using random names.

Payload:
Virus terminates several running processes.

Every 3rd day of month virus overwrites files with doc, xls, mdb, mde, ppt, pps, zip, rar, pdf, psd and dmp extension.

Requested page not found

Sorry, the page you have requested cannot be found. Please check that the URL is typed correctly. It is also possible that the link you clicked is out-of-date and the information has been moved. Please use one of the following links to continue:

Report this link as broken

We will appreciate if you report any broken links you find on our website. If you would like to report this broken link please click on the button below to contact our webmaster.

Virus Encyclopedia

Requested page not found

Homepage

Home Security

Business Security

Downloads

About Viruses & Threats

Support

Partners

Report this link as broken