Aliases
W32.Galil.F@mm
Type
Win32 worm
Description
W32/Holar-J is a worm which spreads by emailing itself via SMTP or via Microsoft Outlook. The worm also attempts to spread via MSN Messenger.
When run for the first time the worm displays the following false error message:
"The WinZip Wizard cannot open this file it does not apear to be a valid archive. if you downloaded this file, try downloading it again. if you want to add this file to an archive, first create or open the archive, then drop the file again."
W32/Holar-J is composed of a main dropper which drops and executes the files SYSCHK.EXE and SMTP.OCX within the Windows system folder. SMTP.OCX contains the worm's SMTP functionality and is detected by Sophos as W32/Holar-G.
The dropper also creates copies of SYSCHK.EXE as MIZZABBAT.EXE in the Windows folder and as ZACKER.EXE in a new folder called SYS32S within the Windows folder.
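The dropped files named above can be swept for on a live or mounted Windows folder. The following is an added example, not part of the original analysis or any Sophos tool; the function names and the assumption that the system folder is called System32 or System are hypothetical.

```python
import os

# File names and locations come from the description above, relative to the
# Windows folder. "<system>" stands for the Windows system folder; trying
# both System32 and System is an assumption, the analysis does not name it.
SYSTEM_DIRS = ("System32", "System")
INDICATORS = (
    ("<system>", "SYSCHK.EXE"),
    ("<system>", "SMTP.OCX"),
    ("", "MIZZABBAT.EXE"),
    ("SYS32S", "ZACKER.EXE"),
)

def _find_ci(parent, name):
    """Return the entry in parent whose name matches case-insensitively, or None."""
    try:
        for entry in os.listdir(parent):
            if entry.lower() == name.lower():
                return os.path.join(parent, entry)
    except OSError:
        pass  # unreadable or missing folder: treat as no match
    return None

def scan_holar_j(windows_dir):
    """Return the sorted paths under windows_dir that match the listed artifacts."""
    hits = []
    for subdir, filename in INDICATORS:
        candidates = SYSTEM_DIRS if subdir == "<system>" else (subdir,)
        for sub in candidates:
            folder = _find_ci(windows_dir, sub) if sub else windows_dir
            if folder and os.path.isdir(folder):
                hit = _find_ci(folder, filename)
                if hit and os.path.isfile(hit):
                    hits.append(hit)
    return sorted(hits)

if __name__ == "__main__":
    root = os.environ.get("SystemRoot", r"C:\Windows")
    for path in scan_holar_j(root):
        print("possible W32/Holar-J artifact:", path)
```

A name match is a lead for triage rather than a verdict, so confirm any hit with an anti-virus scan of the file.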
The worm creates an entry in the registry at the following location to run itself on system restart:
More: http://www.sophos.com/virusinfo/analyses/w32holarj.html
