My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Win32.Fbound.C@mm

MEDIUM
VERY LOW
12288 bytes
(W32/Fbound.C)

Symptoms

N/A

Removal instructions:

The virus doesn\'t drop anything on the local machine. The only removal necessary is to delete the email message the virus arrived attached to.

To delete the infected email message please follow these steps:

  1. Close all working applications including any antivirus resident modules;

  2. Open your email client;

  3. Identify the message that has the infected attachment;

    All the information about the message (folder location, sender, subject, time of arrival) can be found in BitDefender\'s scan log.

  4. Delete the message.

Analyzed By

Sorin Victor Dudea
BitDefender Virus Researcher

Technical Description:

It arrives in the following format:

Subject:
  • if the receiving e-mail address is not in a .jp domain): Important
  • if receiving e-mail address is a .jp domain: a Japanese subject randomly selected from 17 different subjects

    Attachment: Patch.exe

    After the user executes the attachment the worm searches for e-mail addresses in Outlook Express address book and send itself to those addresses in the same format it arrives. The worm uses the user SMTP settings for spreading itself.

    Win32.Fbound.A@mm is a slightly different version of this worm. It has the same subjects and attachment but the code was more structured.