|I-Worm.Netsky.d worm that infect computers through internet as an attachment to infected emails.
Infected email message has the following characteristics:
Body is one of the following:
Here is the file.
Please have a look at the attached file
Please read the attached file.
See the attached file for details.
Your document is attached.
Your file is attached.
Attachment: all_document.pif, application.pif, document.pif, document_4351.pif, document_excel.pif, document_full.pif, document_word.pif, etc.
Copies itself to the %System% folder as "winlogon.exe"
and adds the value to the registry key:
Searches for the email addresses in the files with the following extensions: adb, asp, dbx, doc, eml, htm, html, msg, oft, php, pl, rtf, sht, tbb, txt, uin, vbs, wab.
Attempts to send email messages using its own SMTP list.
Some of them:
and so on.
Attempts to remove Mydoom worm from the infected machine.
Also it deletes the keys:
"KasperskyAv" and "system."
from the system registry.