Added as a result of the Torvel worm!
W32.HLLW.Torvel@mm is a worm that spreads itself through Microsoft Outlook, Outlook Express, and through file-sharing networks.
It adds the value:
"Service Host" = "%windir%\spoolos.exe"
to the registry key:
Copies itself to the default sharing folder of the KaZaA file-sharing program. The file names of the copies contain strings such as:
ACDSee32 v2.41, Adobe Encore DVD 1.0, BearShare Pro v4.0.1 etc.
Emails itself to addresses in the Microsoft Outlook address book.
The email messages have the following characteristics:
Subject: The subject is composed of combinations of the following text strings: Hi, Hello, FW: RE: Undeliverable mail-- , and others.
Message Body: Hello, You should apply this fix which solves the newest Internet Explorer Vulnerability described in MS05-023. It's important that you apply the fix now since we estimate the Buffer Overflow is at a Critical Level. Sincerely Yours The Security Team
Attachment: The attachment can have any of these file names:
Use antivirus (also check How To Remove section) and Startup Optimizer to remove it from startup.