cthonic.vbs - Dangerous
cthonic.vbs
Manual removal instructions:
This worm spreads via the Internet as an attachment to infected files.
The worm searches for files with the extensions .exe, .cpl, and .scr.
When infecting these files, it writes itself to the end of each file in a section named .DCUbLmd.
The worm's code contains errors. It is unable to propagate independently.
A VBS script controls propagation via email.
The executable file infects notepad.exe, and copies itself to the C: root directory as C:\snowboard_accident.avi.[75 spaces]exe
Infected messages:
Subject: Hey check out this funny video my friend sent me !
Message body: Mail Body
Attachment name: C:\snowboard_accident.avi.[75 spaces]exe
The worm uses Windows MAPI functions to send messages.
When sending infected messages, the worm accesses MS Outlook and sends itself to all addresses harvested from the address book.
It also propagates via mIRC.
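A triage check for the two indicators described above, as an added example that is not part of the original write-up: it flags attachment names whose real executable extension is hidden behind a run of spaces, and PE files carrying a section named .DCUbLmd. The function names, the list of executable extensions, and the sample inputs are assumptions made for illustration.

```python
import re
import struct

# Indicators taken from the description above.
SECTION_NAME = b".DCUbLmd"  # exactly 8 bytes, fills the PE section-name field
# Assumption: extensions treated as executable when hidden behind padding.
EXEC_EXTS = ("exe", "scr", "cpl", "com", "pif")

# Decoy extension, optional dot, a run of whitespace, then the real extension.
PADDED = re.compile(r"\.\w{1,5}\.?\s{3,}\.?(%s)\s*$" % "|".join(EXEC_EXTS), re.I)

def padded_extension(filename):
    """Return the hidden executable extension, or None if the name is not padded."""
    m = PADDED.search(filename)
    return m.group(1).lower() if m else None

def pe_section_names(data):
    """Return the section names of a PE image, or [] if data is not a valid PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(n_sections):
        entry = table + 40 * i
        if entry + 40 > len(data):
            break  # truncated section table
        names.append(data[entry:entry + 8].rstrip(b"\0"))
    return names

def has_worm_section(data):
    """True if any section of the PE image carries the worm's section name."""
    return SECTION_NAME in pe_section_names(data)

def build_sample_pe(section_names):
    """Constructed test input: PE headers and section table only, no code."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + table
```

A section-name match is a lead for further analysis, not a verdict; read candidate files as bytes and pass them to has_worm_section.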
Use RegRun Startup Optimizer to automatically remove this worm.