This is a multi-platform virus infecting Win32 systems.
The virus infects Win32 executable files, MS Word documents, and spreads via e-mail through IRC channels as well as infecting the local network.
The virus also has Backdoor ability:
- opens and closes CD door
- downloads and spawns a file
- terminates itself (backdoor routine)
- displays a message, the message box headline contains some text
The virus can be found in several forms:
- infected PE EXE file
- EXE helper
- infected Word documents
- VBS script
- IRC sctiprs
While spreading via e-mail through the network and IRC channels, the worm names its copies as: CRACK.EXE, PACKED.EXE, SETUP.EXE, NETX.EXE, and INIT.EXE.
The COMMDLG.VBS file contains VBScript that spreads the virus on the Internet via e-mail messages by connecting to MS Outlook, obtains all addresses from the Address Book and sends its copy (the PACKED.EXE file) here attached to the message.
The virus then modifies the system registry keys.
The virus deletes the following anti-virus data files:
CHKLIST.MS CHKLIST.DAT CHKLIST.CPS CHKLIST.TAV AGUARD.DAT AVGQT.DAT ANTI-VIR.DAT SMARTCHK.MS SMARTCHK.CPS IVP.NTZ AVP.CRC
The virus also disables the macro-virus protection in the system registry, as well as looks for anti-virus memory resident programs and terminates them:
Amon Antivirus Monitor
Norton AntiVirus Auto-Protect Trial Version
Norton AntiVirus Auto-Protect
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.