sex.exe - Dangerous
sex.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Spreading via the Internet as an email attachment.
Infected email message has the following characteristics:
From: nicky@yahoo
Subject: look for this pretty!))
Attachement: sex.exe
When the file sex.exe is executed, it does the following:
Shows the message (in white background): (in Russian)
German Sterlingov:
For Moskow without Urjuchja.
Copies itself to the root directory of disk c:.
Adds the value: "Win2Drv = sex.exe" to the registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Creates the file sex.bmp in c:\ and installs it as the wallpaper.
Makes changes in win.ini:
[Desktop]
Wallpaper=C:\SEX.BMP
Searches the key: Software\Microsoft\WAB\WAB4\Wab File Name in the system registry
and sends itself to every mail address found in Windows Address Book uses pre-defined connection to SMTP server.
Use RegRun Startup Optimizer to automatically remove it from startup.