Win32.MyLife.F@mm

LOW
HIGH
7680 bytes (~ 41 KB when unpacked)
(N/A)

Symptoms

  • File "List480.TXT.scr" in the Windows System folder;

  • The "sys" entry in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key; the value of this entry refers to the file named above.

Removal instructions:

    1. If you don't have BitDefender installed click here to download an evaluation version;

    2. Make sure that you have the latest updates using BitDefender Live!;

    3. Make the following changes in the Windows registry:

      Note: Please make sure to modify only the values that are specified. It is also recommended to back up the Windows registry before proceeding with these changes. For more information on backing up the registry, please read the FAQ.

      1. Select Run... from Start, then type regedit and press Enter;

      2. Delete the sys key value from:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    4. Perform a full scan of your system (selecting, from the Action tab, the option Prompt user for action). Choose to delete all the files infected with Win32.MyLife.F@mm.

    Analyzed By

    Bogdan Dragu BitDefender Virus Researcher

    Technical Description:

    This version is very similar to Win32.MyLife.C@mm; the most obvious difference is in the name of the virus file: List480.TXT.scr.

    It arrives as an attachment to an e-mail message in this format:

    Subject:The List
    Body:
    Hiiiii
    How are youuuuuuuu?
    look to the notepad it's vvvery verrrry ffffunny :-) :-)
    Notepad = list
    list = 37
    buyyyy

    ========No Viruse Found========
    MCAFEE.COM
    --------------------------------------------------------


    Attachment: "List480.TXT.scr" (size: ~ 8 KB)





    The attachment's filename extension is (as before) chosen to fool the user into thinking it is a Windows screen-saver. When run, the virus first displays an "error" message box:





    then drops a copy of itself in the Windows System folder and registers it to be run each time the "infected" user logs on to Windows. The virus will send copies of itself to all the user's contacts in the Address Book and the MSN Messenger contact list, by creating e-mail messages in the format described above.

    When run again (for example, each time the user logs on to Windows), the virus displays a mocking message box:





    As a payload, the virus attempts (under certain conditions, such as a specific day and minute of hour) to format some hard-disk partitions (D:, E:, F:, G:, H:, I:) and to delete all of the folders in the C: hard-disk partition; the result of this action, if successful, would be the loss of almost all of the user's data.
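
An added example, not Bitdefender's code: a Python check for the two symptoms listed above, run over the text of a registry export such as a backup taken before the removal steps. It looks in both Run keys the page mentions (HKEY_CURRENT_USER and HKLM) and, as a generalization, also flags any Run value whose data carries a document-style extension followed by an executable one; the sample export, its paths and the extension lists are constructed assumptions.

```python
import re

# Both Run keys the page names: Symptoms cites HKEY_CURRENT_USER, removal cites HKLM.
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
DROPPED_NAME = "list480.txt.scr"  # file name given on the page
# Generalization (assumption): document-style extension followed by an executable one.
DOUBLE_EXT = re.compile(r"\.(txt|doc|pdf|jpg|gif)\.(scr|exe|pif|com|bat)\b", re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (key, name, data, reasons) per suspicious Run value in a decoded .reg export."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header = registry key path
            continue
        m = VALUE_RE.match(line)      # only string (REG_SZ) values are considered
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        # .reg files escape backslashes and quotes with a backslash
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        reasons = []
        if name.lower() == "sys":
            reasons.append('value named "sys"')
        if DROPPED_NAME in data.lower():
            reasons.append("references List480.TXT.scr")
        if DOUBLE_EXT.search(data):
            reasons.append("double extension")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

# Constructed sample export; the C:\WINDOWS\SYSTEM path is an assumed location.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sys"="C:\\WINDOWS\\SYSTEM\\List480.TXT.scr"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Example\\update.exe\" /background"
'''
if __name__ == "__main__":
    for key, name, data, reasons in scan_reg_export(SAMPLE_EXPORT):
        print(f"{key}: {name} -> {data} ({', '.join(reasons)})")
```

Exports that regedit writes with the "Windows Registry Editor Version 5.00" header are UTF-16, so decode the file with that encoding before passing its text to `scan_reg_export`.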