W32/Verona-B

Please follow the instructions for removing worms.

W32/Verona-B is a variant of W32/Verona. It uses one of 18 SMTP servers to propagate.

The subject line may be blank, or made from random lower case letters arranged into 3 or less words, or chosen from the following:

Romeo&Juliet
where is my juliet ?
where is my romeo ?
hi
last wish ???
lol :)
,,...
!!!
newborn
merry christmas!
suprise !
Caution: NEW VIRUS !
scandal !
^_^

It copies itself to C:\WINDOWS\SYSRNJ.EXE and creates a new file type, RNJFILE, in the registry.

It then registers the file types EXE, JPG, JPEG, JPE, BMP, GIF, AVI, MPG, MPEG, WMF, WMA, WMV, MP3, MP2, VQF, DOC, XLS, ZIP, RAR, LHA, ARJ AND REG, so that explorer will run the virus rather than appropriate program.

This virus relies on a security vulnerability in Microsoft Outlook and Outlook Express to work. Microsoft has released a patch that eliminates the vulnerability. For further information and to download a patch please read Microsoft Security Bulletin (MS00-046).