McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

This variant of the worm is very similar to previous variants. It is intended to propagate via email and sharing itself over P2P networks. However, during testing the worm proved to be buggy and at the time of writing, replication has not been observed (nor successful installation on the victim's machine).

McAfee products using the 4217 DATs (or greater) with program heuristics enabled proactively can detect the propagation component as 'virus or variant New P2P Worm' (assuming scanning of compressed files is enabled).

The worm consists of a 3-file sandwich:

The dropper component is intended to drop and run the other components:

• Propagation component: 42,091 bytes
• SMTP library: 15,417 bytes

Strings within the dropper and propagation components suggest the worm is intended to arrive in a message with the following characteristics:

Various subject lines and message bodies are carried within the worm:

'''*< Love Speaks it all >*'''
Hii Try this great program allowing u to translate 100 languages . just write a passage in english and chose a language to get the traslation one of my friends used it with his arabian gf and it worked successfully ;) so , Now we can say ' Love Speaks it All ' :)

Co0o0o0o0oL
i thing the subject is enough to describe the attached file ! check it out and replay your opinion Cya

Fw:
You're gonna love it ;) delete it after reading , Professor :P

Heeeeeeeeeeeeeeeey
i've got this surprise from a friend :) it really deserves a few minutes of your time. Bye

Wussaaaaaaaap?
Should i email u first to email me? u don't know how much ur emails mean to me. i wish u like this email and plzz don't forget me :)

WoW But not for NoW
coz i couldn't get the other part of it , any way , check it out having alil thing is better than nothing :P

y0 Ain't Got Shyt !
All u can get is burning ur self Coz all we can do is to watch, nothing for us to touch :(

Why Do We FOk?
let me answer ,,, hummmmmmmmm Coz we Burn Our selves by watching ********** like the one i attached :P

Heeelllooo , anybody home????
i tried many times to send u this email but ur account was out of storage as i think any way , make sure that i didn't and i won't forget u :) Cya Forgotten :P

Why did u send me this shyt?
THANX BUT I DON'T ACCEPT SEX MATERIALS FROM STRANGERS. I SAW THEM N I WONDERED HOW U COULD DO SO ? I REATTACHED THE SHYT U SENT PLEASE DON'T EMAIL ME ,

Re:Hi
No thanx , keep it for you :)

Lo0o0o0o0o0o0o0o0o0o0o0o0oL
Measure your intelligence , the power of your mind and the speed of your reaction by answering several Qs , don't forget to send me your mark. I took 3.5/10 :P Let's see who is more intelligent than the other! Good Luck

hurry up !!!
this is the last one i could find , Don't forget , send me the project in a zipped file :) Bye

To Early To Have Sex!
When i saw it i didn't believe that she was only 8 yrs old. but when i saw the blood and heard the voice of her :( i got Shocked

Fw:Send it to all of the ppl u love
Don't Believe ur self, I don't Love Ya :P But i Don't know why i sent this to u. Make use of it , Bye ;)

Surpise !
I'm in a harry , Send me any clip with voice like the one i attached . And stop sending the booooring pictures For your elegant Taste elegant ppl should satisfy thier taste with elegant things ;)

Again?
I sent this email to another body :P and he replayed saying Thanx !! i always write your email wrongly. Hummm, if u like it replay to me , and don't forget to write ur signature to make sure that i didn't send the email to a wrong one ;)

Who are you??????
i'm fine , thanx for asking :) and thanx for the nice attachements. but unfortunately, i don't remember you i will be waiting for u emaill to remind me of your self.

Hummm , i hope u accept this show as an apology.
The Spanish Beauty it's a mix of the Arabian beauty & the european grace ! satisfy your eyes with the beauty that u have never seen ;)

I've Got it :)
I've got it from KaZaA network , it seems not to be full but that's all i could find :(

Helloooooooo
I've got your email , but you forgot to upload the attachments. Don't be selfish , i sent you all the files i have, send me anything :(

If u are booooored ...
i found it in my Recycled , i know u love this kind of thing ;) attachment :) bye

Dispatch@McAfee.com
Virus Alert ! Dear User, McAfee.com Has recieved an infected message from you .We believe that you are infected with Win32/HaWawi@MM Virus. Please download the attached tool (ToolAv01w32) which will help you to clean your PC. For more information : *Create an email addressed to virus_research@nai.com.

Attachment: Various filenames chosen from the following list (tailored to subject/message body):

• Hot_Show.pif
• Short_vClip.pif
• Beauty_VS_Your_FaCe.pif
• Endless_life.pif
• Hearts_translator.pif
• Shakiraz_Big_ass.pif
• Sweet_but_smilly.pif
• Broke_ass.pif
• Lo0o0o0o0oL.pif
• Gurls_Secrets.pif
• Tedious_SeX.pif
• Leaders_Scandals.pif
• HaWawi_N_Hawaii.pif
• Come_2_Cum.pif
• Tears_of_Happiness.pif
• White_AmeRica.pif
• Famous_PpL_N_Bad_Setuations.pif
• XxX_Mpegs_Downloader.pif
• Teenz_Raper.pif
• Real_Magic.pif
• The_Truth_of_Love.pif
• unfaithful_Gurls.pif
• How_to_improve_ur_love.pif
• AniMaL_N_Burning_Ladies.pif
• Aint_it_Funny.pif
• ToolAv01w32.pif

Symptoms

The presence of the following files:

• Explore.exe (26,624 bytes)
• SmtpNgin.ocx (14,848 bytes)
• ~DFC348.TMP (1,536 bytes)
• OR any of the files mentioned above

Method of Infection

Virus reaches user through email. User is infected upon opening the email.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

Characteristics -

This variant of the worm is very similar to previous variants. It is intended to propagate via email and sharing itself over P2P networks. However, during testing the worm proved to be buggy and at the time of writing, replication has not been observed (nor successful installation on the victim's machine).

McAfee products using the 4217 DATs (or greater) with program heuristics enabled proactively can detect the propagation component as 'virus or variant New P2P Worm' (assuming scanning of compressed files is enabled).

The worm consists of a 3-file sandwich:

The dropper component is intended to drop and run the other components:

• Propagation component: 42,091 bytes
• SMTP library: 15,417 bytes

Strings within the dropper and propagation components suggest the worm is intended to arrive in a message with the following characteristics:

Various subject lines and message bodies are carried within the worm:

'''*< Love Speaks it all >*'''
Hii Try this great program allowing u to translate 100 languages . just write a passage in english and chose a language to get the traslation one of my friends used it with his arabian gf and it worked successfully ;) so , Now we can say ' Love Speaks it All ' :)

Co0o0o0o0oL
i thing the subject is enough to describe the attached file ! check it out and replay your opinion Cya

Fw:
You're gonna love it ;) delete it after reading , Professor :P

Heeeeeeeeeeeeeeeey
i've got this surprise from a friend :) it really deserves a few minutes of your time. Bye

Wussaaaaaaaap?
Should i email u first to email me? u don't know how much ur emails mean to me. i wish u like this email and plzz don't forget me :)

WoW But not for NoW
coz i couldn't get the other part of it , any way , check it out having alil thing is better than nothing :P

y0 Ain't Got Shyt !
All u can get is burning ur self Coz all we can do is to watch, nothing for us to touch :(

Why Do We FOk?
let me answer ,,, hummmmmmmmm Coz we Burn Our selves by watching ********** like the one i attached :P

Heeelllooo , anybody home????
i tried many times to send u this email but ur account was out of storage as i think any way , make sure that i didn't and i won't forget u :) Cya Forgotten :P

Why did u send me this shyt?
THANX BUT I DON'T ACCEPT SEX MATERIALS FROM STRANGERS. I SAW THEM N I WONDERED HOW U COULD DO SO ? I REATTACHED THE SHYT U SENT PLEASE DON'T EMAIL ME ,

Re:Hi
No thanx , keep it for you :)

Lo0o0o0o0o0o0o0o0o0o0o0o0oL
Measure your intelligence , the power of your mind and the speed of your reaction by answering several Qs , don't forget to send me your mark. I took 3.5/10 :P Let's see who is more intelligent than the other! Good Luck

hurry up !!!
this is the last one i could find , Don't forget , send me the project in a zipped file :) Bye

To Early To Have Sex!
When i saw it i didn't believe that she was only 8 yrs old. but when i saw the blood and heard the voice of her :( i got Shocked

Fw:Send it to all of the ppl u love
Don't Believe ur self, I don't Love Ya :P But i Don't know why i sent this to u. Make use of it , Bye ;)

Surpise !
I'm in a harry , Send me any clip with voice like the one i attached . And stop sending the booooring pictures For your elegant Taste elegant ppl should satisfy thier taste with elegant things ;)

Again?
I sent this email to another body :P and he replayed saying Thanx !! i always write your email wrongly. Hummm, if u like it replay to me , and don't forget to write ur signature to make sure that i didn't send the email to a wrong one ;)

Who are you??????
i'm fine , thanx for asking :) and thanx for the nice attachements. but unfortunately, i don't remember you i will be waiting for u emaill to remind me of your self.

Hummm , i hope u accept this show as an apology.
The Spanish Beauty it's a mix of the Arabian beauty & the european grace ! satisfy your eyes with the beauty that u have never seen ;)

I've Got it :)
I've got it from KaZaA network , it seems not to be full but that's all i could find :(

Helloooooooo
I've got your email , but you forgot to upload the attachments. Don't be selfish , i sent you all the files i have, send me anything :(

If u are booooored ...
i found it in my Recycled , i know u love this kind of thing ;) attachment :) bye

Dispatch@McAfee.com
Virus Alert ! Dear User, McAfee.com Has recieved an infected message from you .We believe that you are infected with Win32/HaWawi@MM Virus. Please download the attached tool (ToolAv01w32) which will help you to clean your PC. For more information : *Create an email addressed to virus_research@nai.com.

Attachment: Various filenames chosen from the following list (tailored to subject/message body):

• Hot_Show.pif
• Short_vClip.pif
• Beauty_VS_Your_FaCe.pif
• Endless_life.pif
• Hearts_translator.pif
• Shakiraz_Big_ass.pif
• Sweet_but_smilly.pif
• Broke_ass.pif
• Lo0o0o0o0oL.pif
• Gurls_Secrets.pif
• Tedious_SeX.pif
• Leaders_Scandals.pif
• HaWawi_N_Hawaii.pif
• Come_2_Cum.pif
• Tears_of_Happiness.pif
• White_AmeRica.pif
• Famous_PpL_N_Bad_Setuations.pif
• XxX_Mpegs_Downloader.pif
• Teenz_Raper.pif
• Real_Magic.pif
• The_Truth_of_Love.pif
• unfaithful_Gurls.pif
• How_to_improve_ur_love.pif
• AniMaL_N_Burning_Ladies.pif
• Aint_it_Funny.pif
• ToolAv01w32.pif

Symptoms

Symptoms -

The presence of the following files:

• Explore.exe (26,624 bytes)
• SmtpNgin.ocx (14,848 bytes)
• ~DFC348.TMP (1,536 bytes)
• OR any of the files mentioned above

Method of Infection

Method of Infection -

Virus reaches user through email. User is infected upon opening the email.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A