Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Apost.A

Aliases: I-Worm/Apost.A, WORM_APOST.A, Win32.Apost.A@mm

Win32/Apost.A is a worm written in Visual Basic.  To function it needs the runtime library MSVBVM60.DLL to be installed on the computer.  The worm spreads as an email attachment.  Win32/Apost.A arrives in a message with the subject "As per your request!,." with a file readme.exe 24576 bytes in size as an attachment.  The body of the message is formed by the following text:

Look forward to hear from you again very soon. Thank you.

Note: In following text a symbolic inscription %windir% is used instead of name of the directory in which the Windows operating system is installed.  Naturally, this can be different in any installation.

The worm is activated when file readme.exe is run. This causes it to be copied as file readme.exe into directory %windir%.  It creates a registry run key HKCU\Software\Microsoft\Windows\CurrentVersion\Run\macrosoft and sets its value on the created worm copy.  By that the worm ensures its activation after each restart.  The worm also copies itself into the root directory on each accessible local and shared disk, as well as into the root directory of exchangeable media.  It then displays a window with a title "Urgent!".  In it there is only one button with text "Open".  After clicking on the button the worm will display a window with a false error announcement and will cease its activity.  The error announcement looks like this:


© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without prior permission from Eset.

 

PROTECT YOUR COMPUTER!
ESET's NOD32 provides comprehensive, easy-to-use, and affordable protection from today's and tomorrow's threats. We put the malware expert inside the software, so you don't have to become one.

DOWNLOAD ESET NOD32 ANTI VIRUS SOFTWARE

 

 

Solutions - Products - Purchase - Download - Support - Threat Center - Partners - Company - Global Sites
© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.