This is email worm spreading by affecting MS Outlook.
When the worm is run it displays the dialog box with "OK" and "Cancel" buttons, allows users to upgrade for Microsoft Windows 9x/Me/NT/2000 to solve some protocol TCP/IP problems and for SSL
(Secure Sockets Layer) secure system exploration.
Then, as well as on "Cancel" or "OK" click, the worm installs itself to the system.
The worm also creates additional registry key that indacates that the system is already infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion WLKey = 1
The worm also creates NAVER.TXT file in Windows system directory and writes to there a text that is then used in infected messages body.
The worm then connects to MS Outlook address book, get email addresses from there and sends itself attached to these emails.
Please, go to the key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: WLWin = %windir%\WINSYS.EXE