W32/Wukill-B is an internet worm which can email itself to contacts found
in the Microsoft Outlook address book.
The worm copies itself to the Windows folder as MSTRAY.EXE and creates the
following registry entry so that MSTRAY.EXE is run automatically each time
Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
RavTimeXP = %WINDOWS%\MSTRAY.EXE
The worm may copy itself to the A: floppy drive as Winkill.exe and may also
copy itself to the following folders using random filenames consisting of
1-5 characters B-Z with an extension of EXE:
%WINDOWS%\System
%WINDOWS%\Web
%WINDOWS%\Fonts
%WINDOWS%\Temp
%WINDOWS%\Help
W32/Wukill-B may also drop a harmless data file %WINDOWS%\Winfile.ini and the
following hidden, system files into the root folder:
COMMENT.HTT and DESKTOP.INI.
This worm may display a message box upon execution:
"Warning"
"This File Has Been Damage!".
W32/Wukill-B may open the File Manager application when executed on the 28th
of the month.