28008 bytes (packed with Petite)
- presence of the following files in Windows directory (%WINDIR%):
- presence of the following entry
SysMonXP = %WINDIR%\SysMonXP.exe
in HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key
Let BitDefender delete the infected files.
Adrian Gostin BitDefender Virus Researcher
The worm sends itself as an e-mail attachment to addresses found in
the infected computer.
It copies itself in the Windows directory as SysMonXP.exe and drops
to the same directory a DLL component: Firewalllogger.txt.
It then sets the following registry key, so it will be executed each
time Windows starts up:
In 30/03/2004 it generates in the computer speaker sounds with
different tones and durations