Win32.MyLife.I@mm

LOW
HIGH
12288 bytes
(N/A)

Symptoms

- Files "ox&Wife.scr" and "peeeep~~~.scr" in the Windows System folder;
- The "OX" entry in the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, causing "ox&Wife.scr" to be executed at system start-up.

Removal instructions:

  1. If you don't have BitDefender installed, download an evaluation version;

  2. Make sure that you have the latest updates using BitDefender Live!;

  3. Make the following changes in the Windows registry:

    Note: Please make sure to modify only the values that are specified. It is also recommended to back up the Windows registry before proceeding with these changes. For more information on backing up the registry, please read the FAQ.

    1. Select Run... from Start, then type regedit and press Enter;

    2. Delete the following key:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run

  4. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Win32.MyLife.I@mm.

Analyzed By

Bogdan Dragu BitDefender Virus Researcher

Technical Description:

This is another mass-mailer in the Win32.MyLife series that spreads by e-mail (using Microsoft Outlook) to the user's contacts. It was written in Visual Basic and packed using UPX.

It arrives as an attachment to an e-mail message in this format:


Subject:
peeeeep picture

Body:
hi
look to the 3d Picture it's very sad
bye

Attachment:
"peeeeep~~~.scr" (size: ~ 12 KB)





When run, the virus will copy itself as "ox&Wife.scr" and "peeeep~~~.scr" in the Windows System folder and register the "ox&Wife.scr" dropped copy to be run every time the user logs on to Windows (by creating the registry entry described in the Symptoms section). This might only happen once, as the virus has a very destructive payload routine.

The virus will send e-mail messages to the user's contacts in the Address Book and the MSN Messenger contact list (in the format described above). It will also send a message to the address zary2000@email.com (that also includes the virus body as an attachment) in the following format:


Bcc:
zary2000@email.com

Subject:
Digital Picture --> OX

Body:
hi all,
look to the 3D Picture it's very sad
it's OX


bye

Attachment:
ox&Wife.scr
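
The two message formats described above translate directly into a mail-filter check. The following Python is an added example, not BitDefender's code: the function names, reason labels and constructed sample messages are assumptions made for illustration, and the attachment bytes are an inert placeholder. It goes slightly beyond the exact formats by also flagging any other ".scr" attachment and any named attachment whose content starts with the "MZ" executable header.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the message formats described above.
SUBJECTS = {"peeeeep picture", "digital picture --> ox"}
ATTACHMENTS = {"peeeeep~~~.scr", "ox&wife.scr"}
DROP_ADDRESS = "zary2000@email.com"

def check_message(raw: bytes) -> list:
    """Return the reasons a raw message matches the described mass-mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Collapse whitespace and case so header folding does not hide a match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if subject in SUBJECTS:
        reasons.append("subject")
    # Bcc is usually stripped in transit, so this check only fires
    # where the header is still present in the copy being inspected.
    rcpts = " ".join(str(v) for h in ("To", "Cc", "Bcc")
                     for v in msg.get_all(h, []))
    if DROP_ADDRESS in rcpts.lower():
        reasons.append("drop-address")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue  # container parts and the text body have no filename
        if name in ATTACHMENTS:
            reasons.append("attachment-name")
        elif name.endswith(".scr"):
            # Screensaver files are executables; flag renamed copies too.
            reasons.append("scr-attachment")
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            reasons.append("executable-payload")
    return reasons

def build_sample(subject, filename, bcc=None, data=b"MZ" + b"\0" * 62):
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"] = "friend@example.test", "user@example.test"
    if bcc:
        m["Bcc"] = bcc
    m["Subject"] = subject
    m.set_content("hi\nlook to the 3d Picture it's very sad\nbye\n")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

An empty list from `check_message` means no indicator matched; any non-empty result is a reason to quarantine the message for review.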





Eventually the virus will display the following picture:




Payload:

When run for the second time (e.g. when the user restarts Windows), the virus will attempt to overwrite all files in the folders of the hard-disk drive partitions (the original contents of these files will be replaced with a single whitespace character).