Virus Information
Discovery Date: 03/05/2004
Origin: Unknown
Length: 22,528 bytes (PE-Pack)
Type: Virus
SubType: E-mail
This variant is very similar to W32/Netsky.g@MM .
This virus spreads via email. It sends itself to addresses found on the victim's machine. The virus also attempts to deactivate the various other viruses (variants of W32/Mydoom and W32/Bagle).
Mail propagation
The virus may be received in an email message as follows:
From: (forged address taken from infected system)
Subject:
Re: Hi
Re: Part 3
Re: Part 2
Re: Index
Re: Hello
Re: Yours
Re: Samples
Re: Your TAN
Re: Your PIN
Re: Your bill
Re: My details
Re: Your data
Re: Appending etc.etc.
System changes
The worm copies itself into %WinDir% (eg. C:\WINDOWS) folder using the filename MAJA.EXE.
C:\WINNT\maja.exe (22,528 bytes)
Note: A valid file exists in the %Sysdir% directory.
A Registry key is created to load the worm at system start.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run
"Antivirus" = %WinDir%\maja.exe -antivirus service
Read more: http://vil.nai.com/vil/content/v_101077.htm
Type
Win32 worm
Description
W32/Netsky-H is a worm that spreads via email. Further details will be posted shortly.
http://www.sophos.com/virusinfo/analyses/w32netskyh.html

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic