This worm spreads via the Internet as a file attached to infected messages. It also spreads via file-sharing networks.
Attempts to connect to several remote sites, and saves information about the infected computer on these sites.
Searches for files with predefined extensions and sends itself to all email addresses which it finds in these files.
Opens port 2475 and tracks port activity. The backdoor function makes it possible for commands to be executed and files to be downloaded on the victim machine.
Attempts to counteract the updating of antivirus programs. It also terminates some system processes.
The worm is programmed to cease propagation after 25th March 2004.
Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove this worm.