windvd98.exe - Dangerous
windvd98.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
The worm also has IRC Trojan functionality that allows an attacker to control infected computer by using Internet Relay Chat (IRC).
The commands allow the attacker to perform any of the following actions:
Deliver system and network information to the attacker
Download and execute files
Dynamically update the installed worm
Send the worm to other IRC channels to attempt to compromise more computers
Trigger a mass-mailing function
Send email that contains the worm to any email address
Variants: W32.HLLW.Cult.M@mm
The email message has the following characteristics:
Subject: Hello , I sent you a beautiful Love Card ^_*
Body:
To see your Card, Please open the attachment
If you want to send a reply, please visit
http:/ /www.Love-card.com/Love/index.html
Thank You...
Attachment: BeautyLove.pif
Copies itself as %System%\Windvd98.exe.
Adds the value:
"dvd98"="windvd98.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
so that the worm runs when you start Windows.
Automatic Removal:
Use RegRun Startup Optimizer to remove it from the system registry.