high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 14 February 2007 00:00:11 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Dref-AB is a worm for the Windows platform.
W32/Dref-AB attempts to spread via email, but instead sends corrupt copies detected as W32/Dref-Dam.
W32/Dref-AB sends emails with the following characteristics:
Subject line chosen from:
A Valentine Love Song
Be My Valentine
Fly Away Valentine
For My Valentine
Happy Valentine's Day
My Lucky Valentine
My Valentine
My Valentine Heart
My Valentine Sunshine
Send Love On Valentines
The Valentine Love Bug
The Valentines Angel
Valentine's Love
Valentine's Night
Valentine Letter
Valentine Love Song
Valentine Sweetie
Valentines Day Dance
Valentines Day is here again
Your Love on Valentine's
Attached file chosen from:
Flash Postcard.exe
flash postcard.exe
greeting postcard.exe
Greeting Postcard.exe
greeting card.exe
Greeting Card.exe
postcard.exe
Postcard.exe
W32/Dref-AB may also attempt to drop a randomly named file into the current folder and run it.
This file is also detected by Sophos as W32/Dref-AB.
When W32/Dref-AB is installed the following files are created:
<System>\wincom32.ini
<System>\wincom32.sys
The file wincom32.sys is detected as Troj/Dorf-Fam.
The file wincom32.ini is a clean data file.
|
