Virus Messenger - Messages from the MSNworm worm
The MSNworm.GM worm tries to upload to as many computers as possible through instant messengers, hidden behind various image files.
Az MSNworm.GM The worm, like its variants to date, focuses on the Windows Live Messenger instant messaging service and seeks to spread it. If you have a Windows Live Messenger application running on the infected computer, it will start sending messages based on its address list. Attaches a file that looks like a photo. If it is opened by the user, an error message for deceptive purposes informs them that the image cannot be viewed. However, during this time, the worm will already start downloading its own files and then infect your computer.
The MSNworm.GM worm copies its own file to the Windows directory and then modifies the registry so that it can load automatically after each restart of Windows.
When the MSNworm.GM worm starts, it performs the following actions:
- Create the following file:
% Windows% \ FXSTALLER.EXE - Copies a file named BURIM.EXE to the% Windows% \ temp directory.
- Creates the following value in the registration database:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Windows UDP Control Center = fxstaller.exe - It tries to spread through Windows Live Messenger.
- Sends messages to people in the address list trying to get recipients to open an attached image file.
- When the message file is opened by the user, a message window appears with the following text:
“Picture cannot be displayed.” - Download a malicious file to your computer.
