W32/Scold@MM
- Type: Virus
- SubType:
- Discovery Date: 12/10/2003
- Length: 28,160 bytes
- Minimum DAT: 4309 (12/17/2003)
- Updated DAT: 4309 (12/17/2003)
- Minimum Engine: 5.1.00
- Description Added: 12/10/2003
- Description Modified: 12/11/2003 9:12 AM (PT)
Characteristics
This mass-mailing worm is detected as W32/Generic.a@MM with the 4309 DAT files. It spreads via MAPI messaging, and arrives in an email message as follows:
Subject:
One of the following:
- When Itīs Cold Outside She Gives Me Warm Inside
- Re: When Itīs Cold Outside She Gives Me Warm Inside
- Fwd When Itīs Cold Outside She Gives Me Warm Inside
Followed by many spaces followed by random characters
Body:
One of the following:
- Enjoy this great picture.
- You will love this cute picture.
- D'ont miss this cool picture.
Followed by the following text:
============= Free Online Virus Scan =============
100% VIRUS FREE
No viruses or suspicious files were found in the attached file.
Attachment: [random filename].scr
When the attachment is manually run, a window is displayed.
The worm copies itself to the WINDOWS (%WinDir%) directory as Warm.scr and again under a random filename. A registry run key is created to load the worm at startup:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "ExeName32" = %WinDir%\Warm.scr
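The message traits listed above can be combined into a mail-triage check. This is an added example, not code from the original write-up; the function names, the three-space padding threshold and the sample-message builder are assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Subject lure from the write-up, with the optional "Re: " / "Fwd " prefix. The
# apostrophe is matched as any single character because its encoding varies.
SUBJECT_RE = re.compile(
    r"^(?:Re: |Fwd )?When It.s Cold Outside She Gives Me Warm Inside(?P<pad>\s{3,}\S+)?\s*$")
BODY_LURES = ("Enjoy this great picture.",
              "You will love this cute picture.",
              "D'ont miss this cool picture.")  # spelled as given in the write-up
FAKE_SCAN = ("Free Online Virus Scan", "100% VIRUS FREE")


def scold_indicators(msg: EmailMessage) -> set:
    """Return the names of the write-up's message indicators that msg matches."""
    hits = set()
    m = SUBJECT_RE.match(str(msg.get("Subject", "")))
    if m:
        hits.add("subject")
        if m.group("pad"):  # many spaces followed by random characters
            hits.add("subject_padding")
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    if any(lure in text for lure in BODY_LURES):
        hits.add("body_lure")
    if all(marker in text for marker in FAKE_SCAN):
        hits.add("fake_scan_banner")
    for att in msg.iter_attachments():
        name = (att.get_filename() or "").strip().lower()
        if name.endswith(".scr"):
            hits.add("scr_attachment")
    return hits


def is_probable_scold(msg: EmailMessage) -> bool:
    """Require the .scr attachment plus at least one of the text lures."""
    hits = scold_indicators(msg)
    return "scr_attachment" in hits and bool(hits & {"subject", "body_lure", "fake_scan_banner"})


def constructed_sample(subject: str, body: str, filename: str) -> EmailMessage:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg
```

To check stored mail, parse each message with `email.message_from_bytes(raw, policy=email.policy.default)` and pass the result to `is_probable_scold`.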
Symptoms
Presence of the file %WinDir%\Warm.scr
Method of Infection
This worm spreads by mass-mailing itself to all recipients found in the Microsoft Outlook Global Address List, as well as addresses harvested from .HTM and .HTML documents on the local system.
Removal
All Users:
Use specified engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be removed when cleaning with the recommended engine and DAT combination (or higher).
Variants
N/A
Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases
- Scold.A (F-Secure)
- W32.Scold@mm (Symantec)
- W32/Scold-A (Sophos)
- WORM_SCOLD.A (Trend)