Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

When executed, the worm copies itself into the:


folder with the following file names:



The following files are dropped into the %windir% folder:

information.jpg (123563 B)

information.scr (337920 B)

In order to be executed on every system start, the worm sets the following Registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "explorer.exe "%system%\link.exe""


The following Registry entries are set:

"CheckedValue" = 0

"Hidden" = 2

"HideFileExt" = 1

"ShowSuperHidden" = 0

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper" = "%windir%\information.jpg"


The worm creates copies of itself in folders accesed by the following application:


The name of the file may be based on the name of an existing file or folder. The extension of the file is ".exe".

Spreading on removable media
The worm creates the following folders:


The following file is dropped in the same folder:

autorune.exe (766464 B)

The worm creates the following file:


Other information
The worm attempts to delete the following file:


The worm may set the following Registry entries:

"(Default)" = ""%1" %*"


The worm may delete the following Registry entries:

"soundmix" = "%system%\soundmix.exe"


The worm launches the following processes:


The worm alters the behavior of the following processes:

Windows Task Manager