It spreads via the Internet as a file attached to infected emails.
Attempts to connect to several sites and save information about the infected victim computer on these sites.
Searches for files with some extentions, harvests email addresses, and then sends itself to all addresses found. To send messages, the worm uses its own SMTP server.
Opens port 2745 and tracks port activity. The backdoor function makes it possible to remotely execute commands and download files to the victim machine.
The worm attempts to counteract antivirus programs by terminating their processes.
The worm is programmed to cease propagation after 25th March 2004.
Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove this worm.