W32/Naked@MM

Type: Virus
SubType: E-mail
Discovery Date: 03/06/2001
Length: 73,728
Minimum DAT: 4126 (03/06/2001)
Updated DAT: 4241 (01/08/2003)
Minimum Engine: 5.1.00
Description Added: 03/06/2001
Description Modified: 02/21/2002 3:51 PM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

This worm masquerades as a Flash (Shockwave application) movie. The program displays a logo from JibJab; however, it is not a Shockwave application at all and is not associated with JibJab in any way. The logo is used only as social engineering.

When run, it sends itself to all recipients in the Outlook Address Book and attempts to delete all .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the WINDOWS and WINDOWS\SYSTEM directories. This includes Windows NT, ME and other versions.

This program is written in Visual Basic and requires the Visual Basic 6 (or higher) runtime files. When run, it copies itself to a TEMP directory and displays a window titled "Flash", which reads "JibJab Loading". It proceeds by sending a separate email message, using Microsoft Outlook, to each recipient in the Outlook Address Book. The messages appear as follows:

Subject: Fw: Naked Wife
Body:
My wife never look like that! ;-)

Best Regards,
(sender's name)

Attached: NakedWife.exe

Choosing the HELP|ABOUT menu in the "Flash" window displays a message box titled "Flash", which reads "You're are now F**KED! (C) 2001 by BGK (Bill Gates Killer)" (** replaces the actual text displayed).
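
A mail-gateway style check for the message format shown above, as an added example that is not part of the original description or any vendor's detection logic. The verdict thresholds, function names and sample messages are assumptions constructed for illustration; only the subject, body line and attachment name come from the page.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above, lower-cased for comparison.
SUBJECT = "fw: naked wife"
ATTACHMENT = "nakedwife.exe"
BODY_LINE = "my wife never look like that!"

def match_indicators(raw: bytes) -> list:
    """Return which of the page's indicators appear in one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded words; collapse folded whitespace.
    if " ".join(str(msg.get("Subject", "")).split()).lower() == SUBJECT:
        hits.append("subject")
    # The filename may sit in Content-Disposition or Content-Type; ignore case.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.strip().lower() == ATTACHMENT:
            hits.append("attachment")
            break
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_LINE in body.get_content().lower():
        hits.append("body")
    return hits

def verdict(raw: bytes) -> str:
    """block: named attachment plus another indicator; review: any other hit."""
    hits = match_indicators(raw)
    if "attachment" in hits and len(hits) >= 2:
        return "block"
    return "review" if hits else "pass"

def build_sample(subject, body, attachment=None) -> bytes:
    """Constructed test message; the attachment bytes are an inert placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "bob@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"inert placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

SAMPLES = {  # constructed inputs, not captured traffic
    "worm-like": build_sample("Fw: Naked Wife", "My wife never look like that! ;-)\n\nBest Regards,\nAlice", "NAKEDWIFE.EXE"),
    "renamed subject": build_sample("Re: holiday", "see attached", "NakedWife.exe"),
    "reply, no file": build_sample("Fw: Naked Wife", "Did you mean to send this?"),
    "clean": build_sample("Quarterly report", "Numbers attached.", "report.pdf"),
}
```

Messages that match only one indicator, such as a recipient's reply quoting the subject, are routed to review rather than blocked.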

Symptoms

- Absence of .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the WINDOWS and WINDOWS\SYSTEM directories for Win9x, NT, ME, 2000
- Inability to launch applications
- Email from correspondents alerting you that they have received the attachment NakedWife.exe from you
- Missing WIN.COM error message upon restarting Windows

Method of Infection

This worm arrives as the email attachment NakedWife.exe. Executing this application infects your machine and causes the worm to mail itself to your regular email correspondents.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • I-Worm.Naked (AVP)
  • I-Worm.Naked.A (AVX)
  • NakedWife.exe
  • TROJ_NakedWife (Trend)
  • W32.Naked@MM (NAV)
  • W32/Naked (Sophos)
  • Win32/Naked.worm (CAI)
