W32/Maldal-C

Category: Viruses and SpywareProtection available since:19 Dec 2001 00:00:00 (GMT)
Type: Win32 wormLast Updated:19 Dec 2001 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Please note: this worm was previously known as W32/Zacker-C

W32/Maldal-C is a worm that attempts to spread using Microsoft Outlook or Microsoft Messenger.

The message has the following characteristics:

Subject: Happy New Year

Body text:
Hii
I can't describe my feelings
But all I can say is
Happy New Year:)
bye

Attachment: Christmas.exe

W32/Maldal-C message

When first run, the worm copies itself into the Windows directory as Christmas.exe and creates the registry entry

HKLM\Software\Microsoft\Windows\
CurrentVersion\Run\Zacker = <Windows>\Christmas.exe,

so that it is run automatically each time Windows is restarted.

The program displays a picture of Santa with the message "From the heart, Happy new year!".

From the heart, Happy new year!

The worm changes the computer name and the default browser home page by setting the registry keys

HKLM\System\CurrentControlSet\Control\ComputerName\
ComputerName\ComputerName = Zacker

and

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page = http://geocities.com/jobreee/ZaCker.htm.

W32/Maldal-C also attempts to disable the keyboard.