W32/Sharp-A is a virus that arrives in an email message with the following characteristics:
Subject: Important: Windows update
Message body: Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it.
When W32/Sharp-A is executed it copies itself to C:\MS02-010.EXE and drops and executes sharp.vbs in the current directory. This file is detected as VBS/Sharp-A. The script sends the email described above to everyone in the Outlook address book.
If the virus detects the Microsoft .NET runtime, it drops and executes the file cs.exe in the Windows directory. This file infects .EXE files with W32/Sharp-A and creates the file sharp.vbs in the Windows startup folder. This file merely displays a message box with the title "Sharp" and the text:
"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase"
The virus also creates the registry key HKLM/Software/Sharp which contains the name of the viral file which was run.