(Email-Worm.Win32.VB.an, W32.Alcra.B, W32/Alcan.worm!p2p, WORM_VB.AS)
These programs don't work:
Please let BitDefender disinfect your files.
Alexandru Maximciuc, virus researcher
* spreads via file sharing on P2P networks
* includes functionality to download, install and execute new malware executables
* when the worm is executed, it performs the following operations:
* creates %ProgramFiles%\winupdates directory with hidden and system attributes set.
* copies itself as:
  * %ProgramFiles%\winupdates\winupdates.exe - this file has hidden and system attributes set
  * %ProgramFiles%\winupdates\a.zip - an archive that contains a file - Setup.exe, which is a copy of the worm
* drops bszip.dll to %Sys32% directory - the file is clean
* may attempt to overwrite %Sys32%\taskmgr.exe
* in order to run at startup, adds the following entry to the system registry:
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winupdates "%ProgramFiles%\winupdates\winupdates.exe /auto"
* attempts to connect to http://windowsupdate.microsoft.com in order to check whether an Internet connection is available
* disables some utility programs, creating the following files in the %sysdir% directory:
(.com files take execution priority over .exe files, so when the user tries to run regedit, the system will actually run regedit.com, not regedit.exe as expected)
* the worm will try to copy a.zip to shared P2P folders
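
A triage check for the file-based behaviours listed above, written as an added example and not taken from BitDefender's tooling: it reports which of the worm's files exist under a given Program Files directory and flags any file that would run ahead of a same-named .exe when the bare name is typed. The function names are hypothetical, the extension order is the standard Windows PATHEXT default, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

# Standard Windows PATHEXT default: when a bare name such as "regedit" is
# run, the first extension in this list that matches a file wins.
DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"

# File artifacts named in the write-up, relative to %ProgramFiles%.
WORM_FILES = (r"winupdates\winupdates.exe", r"winupdates\a.zip")


def find_shadowed_exes(directory, pathext=DEFAULT_PATHEXT):
    """Return sorted (winner, shadowed) file-name pairs where a
    higher-priority extension hides a same-named .exe in `directory`."""
    order = [e.lower() for e in pathext.split(";") if e]
    by_stem = {}
    for entry in os.scandir(directory):
        stem, ext = os.path.splitext(entry.name)
        if entry.is_file() and ext.lower() in order:
            by_stem.setdefault(stem.lower(), {})[ext.lower()] = entry.name
    hits = []
    for exts in by_stem.values():
        if ".exe" not in exts:
            continue
        winner = min(exts, key=order.index)  # extension that actually runs
        if winner != ".exe":
            hits.append((exts[winner], exts[".exe"]))
    return sorted(hits)


def find_worm_files(program_files):
    """Return the write-up's file artifacts present under `program_files`."""
    root = Path(program_files)
    return [rel for rel in WORM_FILES
            if root.joinpath(*rel.split("\\")).is_file()]


if __name__ == "__main__":
    # Constructed sample tree standing in for %sysdir%; empty placeholder files.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("regedit.exe", "regedit.com", "notepad.exe"):
            Path(tmp, name).write_bytes(b"")
        print(find_shadowed_exes(tmp))
        print(find_worm_files(tmp))
```

On a live host, point `find_shadowed_exes` at the system directory and `find_worm_files` at the Program Files directory; hidden and system attributes do not prevent either check from seeing the files.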