This worm spreads via the Internet as an attachment to infected emails.
Characteristics of infected messages
Message header (chosen at random from the list below)
Message body (chosen at random from the texts below)
A file with a .pif extension and a randomly generated name.
The worm is activated when the user opens the attached file.
Once launched, the worm installs inself to the system and starts propagating.
Copies itself to the Windows directory under the name EastAV.exe and registers this file in the system registry auto-run key:
The worm searches for files with the extensions listed below: adb; asp; cfg; cgi; dbx; dhtm; doc; eml; htm; html; jsp; mbx; mdx; mht etc.
harvests email addresses and sends copies of itself to all addresses found.
The worm uses its own SMTP library to send messages.
The worm will attempt to conduct DoS attacks on the following sites in accordance with the system clock local settings:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.
Still have a problem? Ask for help at our discussion forum.