W32/Enegg@MM

Type: Virus
SubType: E-mail worm
Discovery Date: 07/28/2003
Length: 81,920 bytes
Minimum DAT: 4283 (08/06/2003)
Updated DAT: 4283 (08/06/2003)
Minimum Engine: 5.1.00
Description Added: 07/29/2003
Description Modified: 08/01/2003 2:11 PM (PT)
Risk Assessment:

  • Corporate User: Low
  • Home User: Low

Characteristics

This threat is detected as W32/Generic.a@MM with the 4281 DAT files. It is not known to be in the wild.

This virus arrives in an email message. Messages vary, as the virus contains a long list of subject lines and message bodies, such as:

Subjects:

  • Alertas de virus
  • cuidado
  • cynthia fotos
  • Cynthia_fotos
  • Fotos de Cynthia
  • fotos_Cynthia
  • Fwd: huevos poetas
  • Fwd: Msn_Ghost
  • Fwd: msn_ghost
  • Hackea hotmail
  • Hackear hotmail
  • Hacker Tutoriales
  • Hacker Tutoriales aplicacion
  • Hackers Tutorials
  • Hacking hotmail
  • Kaspersky AVP Patches
  • McAfee VirusScan Patches
  • messenger 6.5v.final
  • mxpx screensaver
  • Norton New Patches
  • Norton_parches
  • Nuevo Virus Alerta
  • Parche
  • parches
  • Parches de microsoft
  • Parches para kaspersky AVP
  • Parches para McAfee VirusScan 2003
  • Parches para Norton 2003
  • Re: El archivo...
  • Re: messenger 6.5
  • Re: MsN 6.5 final
  • Re: mxpx_screensaver
  • revisalo ok
  • Tutoriales hackers
Attachment: Cynthia.exe
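
A mail-gateway triage check built from the indicators above, as an added example that is not part of the original description. The function names and the verdict labels are assumptions, and `SUBJECTS` holds only a subset of the subjects listed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators from the description above. SUBJECTS is a subset of the page's
# list, which the page itself presents as a sample, so a subject match alone
# is treated as weak evidence.
ATTACHMENT = "cynthia.exe"
SUBJECTS = {s.lower() for s in (
    "Alertas de virus", "cynthia fotos", "Fotos de Cynthia",
    "Fwd: Msn_Ghost", "Hackear hotmail", "McAfee VirusScan Patches",
    "Norton New Patches", "Parches de microsoft", "Re: messenger 6.5",
    "revisalo ok",
)}

def triage(raw):
    """Score one raw message (bytes) against the mail indicators."""
    # policy.default decodes RFC 2047 encoded-words in headers.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    # Attachment names are compared case-insensitively across all MIME parts.
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    hit_attach = ATTACHMENT in names
    hit_subject = subject in SUBJECTS
    if hit_attach:
        verdict = "block"    # hypothetical label: attachment name matches
    elif hit_subject:
        verdict = "review"   # hypothetical label: subject only
    else:
        verdict = "pass"
    return {"attachment": hit_attach, "subject": hit_subject, "verdict": verdict}

def sample_message(subject, filename=None):
    """Constructed test input: a plain message, optionally with an attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    if filename:
        msg.add_attachment(b"constructed, not a real binary",
                           maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg.as_bytes()
```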

When the attachment is run, a text document, %SysDir%\cynthia\cynthia.txt, is created and then displayed.

Several message boxes may be displayed:

Hola, Cynthia te saluda =P !!!
Cynthia te amo!!!!!

CYNTHIA dice: creo q borre algo de tu maquina =P

Cynthia eres vida TE AMO
CREO Q BORRE ALGO DE CASUALIDA DE TU PC =( NO BAJES COSAS Q NO SON =p

TE AMO CYNTHIAAAAAAAAAA

Nunca me cansare de decirte q eres la mujet de mi vida te amo con todo mu corazon bebe y me gustaria q todo el mundo se entere de lo mucho q te amo eres mi vida y nunce perso nunce ta dejare de amar

Symptoms

The worm creates several files in the WINDOWS directory:

  • msconfig.exe.vbs (non-functional script 102 bytes)
  • sysedit.exe.vbs (non-functional script 98 bytes)
  • \system32\Cynthia.exe (copy of the worm)
  • \system32\cynthia\Cynthia.txt (689 bytes)

A marker registry key is created:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Cynthia

A registry run key is created as well:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows" = C:\recycled\Cynthia.exe

The worm contains a destructive payload to delete the following files:

  • cmd.exe
  • msconfig.exe
  • regedit.exe
  • regedt32.exe
  • sysedit.exe
  • \AntiViral Toolkit Pro\*.*
  • \Command Software\F-PROT95\*.*
  • \McAfee\VirusScan\*.*
  • \Norton AntiVirus\*.*
  • C:\Toolkitt\FindVirus\*.*
  • \PandaSoftware\Panda Antivirus Titanium\*.*
  • \Trend Micro\PC-cillin 2002\*.*
  • \AVPersonal\*.*
  • \Trend PC-cillin 98\*.*
  • \Perav\*.*
  • \McAfee\McAfee VirusScan\*.*
  • \Panda Software\Panda Antivirus 6.0\*.*
  • \Trend Micro\PC-cillin 2000\*.*
  • \AnalogX\Script Defender\*.*
  • \F-Secure\Anti-Virus\*.*
  • \Zone Labs\ZoneAlarm\*.*
  • \ESET\NOD32\*.*
  • \McAfee VirusScan Professional Edition 7.0\*.*
  • \The Hacker 5.5\*.*
  • \The Hacker\*.*
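
A check for the marker key and Run value listed above, run against a text export of the registry (.reg format), as an added example that is not part of the original description. The function names and the sample export are constructed for illustration; only the key, value name and file name come from the page.

```python
import re

# Registry artifacts from the Symptoms list above, lower-cased for comparison.
MARKER_KEY = r"hkey_local_machine\software\cynthia"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE, WORM_IMAGE = "windows", "cynthia.exe"

# One string value line of a .reg export: "name"="data", where backslash and
# double quote inside name or data are escaped with a backslash.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (kind, detail) findings for the marker key and the Run value."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower() == MARKER_KEY:
                findings.append(("marker_key", key))
            continue
        m = STRING_VALUE.match(line)
        if not m or key.lower() != RUN_KEY:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        # Compare the file name only, so a copy in another directory still matches.
        image = data.strip('"').rsplit("\\", 1)[-1].lower()
        if name.lower() == RUN_VALUE and image == WORM_IMAGE:
            findings.append(("run_value", f"{name} = {data}"))
    return findings

# Constructed sample export (not captured from an infected host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Cynthia]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"
"Windows"="C:\\recycled\\Cynthia.exe"
'''
```

Exports written by regedit in the version 5.00 format are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `scan_reg_export`.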

Method of Infection

This mass-mailing worm spreads via Microsoft Outlook. It harvests addresses from the Outlook Address Book and sends itself to each recipient address gathered.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • Enegg (Panda)
  • W32.Enegg@mm (Symantec)
  • Win32.Enegg.A (CA)
