The virus doesn\'t drop anything on the local machine. The only removal necessary is to delete the email message the virus arrived attached to.
To delete the infected email message please follow these steps:
- Close all working applications including any antivirus resident modules;
- Open your email client;
- Identify the message that has the infected attachment;
All the information about the message (folder location, sender, subject, time of arrival) can be found in BitDefender\'s scan log.
- Delete the message.
Sorin Victor Dudea
BitDefender Virus Researcher
It arrives in the following format:
if the receiving e-mail address is not in a .jp domain): Important
if receiving e-mail address is a .jp domain: a Japanese subject randomly selected from 17 different subjects
After the user executes the attachment the worm searches for e-mail addresses in Outlook Express address book and send itself to those addresses in the same format it arrives. The worm uses the user SMTP settings for spreading itself.
Win32.Fbound.A@mm is a slightly different version of this worm. It has the same subjects and attachment but the code was more structured.