McAfee > Theat Center > Virus Detail Page

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• W32.FunnyFiles.Worm (NAV)

• W32/Hello (Panda)

Characteristics

This is the first known worm that spreads via Microsoft's MSN Messenger program. If MSN Messenger is not installed on the local system, the worm will fail to run properly.

W32/Hello.worm arrives as HELLO.EXE, a Visual Basic 5 application, via MSN Messenger. When run, the worm creates a shortcut, with no name and no icon, into the WINDOWS STARTUP folder. If MSN Messenger is not found in the default directory the worm will crash, displaying the message:

Run-time Error '91'.
Object variable or With block variable not set.

Otherwise, the worm will send the following message to users who are on the MSN Messenger contact list:

i have a file for u. its real funny

HELLO.EXE is sent along with this message.

Symptoms

Presence of HELLO.EXE (10,240 bytes), and presence of shortcut in the WINDOWS STARTUP folder that does not contain an icon or filename.

Method of Infection

This worm spreads via MSN Messenger when the program is run, if it is installed to the default installation directory, and the contact list contains users which are active.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

• W32.FunnyFiles.Worm (NAV)

• W32/Hello (Panda)

Characteristics

Characteristics -

This is the first known worm that spreads via Microsoft's MSN Messenger program. If MSN Messenger is not installed on the local system, the worm will fail to run properly.

W32/Hello.worm arrives as HELLO.EXE, a Visual Basic 5 application, via MSN Messenger. When run, the worm creates a shortcut, with no name and no icon, into the WINDOWS STARTUP folder. If MSN Messenger is not found in the default directory the worm will crash, displaying the message:

Run-time Error '91'.
Object variable or With block variable not set.

Otherwise, the worm will send the following message to users who are on the MSN Messenger contact list:

i have a file for u. its real funny

HELLO.EXE is sent along with this message.

Symptoms

Symptoms -

Presence of HELLO.EXE (10,240 bytes), and presence of shortcut in the WINDOWS STARTUP folder that does not contain an icon or filename.

Method of Infection

Method of Infection -

This worm spreads via MSN Messenger when the program is run, if it is installed to the default installation directory, and the contact list contains users which are active.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A