McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• Win32/HLLW.Retgeek (GeCAD)

Characteristics

-- Update 31st December 2003 --
This threat is considered to be a Low-Profiled risk due to media attention at:  http://www.web-user.co.uk/news/47502.html

This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

http://www.home.no/( removed )/jituxramon.exe

When the link is clicked, the worm is downloaded to the target machine.

Note: at the time of writing the the worm was unavailable from this URL.

Symptoms

Receipt of a MSN messenger message containing a link to the worm as detailed above.

Method of Infection

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• Win32/HLLW.Retgeek (GeCAD)

Characteristics

Characteristics -

-- Update 31st December 2003 --
This threat is considered to be a Low-Profiled risk due to media attention at:  http://www.web-user.co.uk/news/47502.html

This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

http://www.home.no/( removed )/jituxramon.exe

When the link is clicked, the worm is downloaded to the target machine.

Note: at the time of writing the the worm was unavailable from this URL.

Symptoms

Symptoms -

Receipt of a MSN messenger message containing a link to the worm as detailed above.

Method of Infection

Method of Infection -

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A