Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Mylife.B

Win32/Mylife.B is a worm written in Visual Basic and is compressed by means of the utility UPX.  It spreads as an attachment of email messages with the subject "bill caricature" and has the attachment cari.src.
The following text is contained in the email's message body:

Hiiii
How are youuuuuuuu?
look to bill caricature it't vvvery verrrry ffffunny :-):-)
i promise you will love it? ok
buy
========No Viruse Found========
MCAFEE.COM

The author tries to invoke a feeling that the message really was checked by an anti-virus program.  He made some mistakes in the text and that would suggest that English is not his mother tongue.
When the file in the attachment is executed the following window is displayed:

The worm copies itself as the file cari.scr into the subdirectory SYSTEM in the directory where the operating system Windows is installed.  It ensures its activation after the system restart by creating the key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run with the value "win"="C:\WINDOWS\SYSTEM\cari.scr".  The worm sends its copies to all addresses found in the address book of the email client Microsoft Outlook.
The worm contains a dangerous destructive routine.  It gets activated when the worm is executed at the system restart in the time between 8:00 and 8:59 as indicated by the internal clock of the computer.  In that case the worm deletes files with extensions sys, vxd, ocx and nls in the directory with installed operating system Windows and files in root directory of disks C: to F:.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.