Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Wenru-A

Feb 27, 2004 12:19AM PST

Aliases
I-Worm.Wenru

Type
Win32 worm

Description
W32/Wenru-A is a worm that spreads via email.
In order to run automatically when Windows starts up W32/Wenru-A copies itself to the files svchoct.exe, svshost.exe and UpLoad.exe in the Windows system folder and creates the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SOFTWARE

The worm collects email addresses from the system and sends itself out. The email sender adress is forged to Corporation@microsoft.com. The subject line of the email reads "Update For your system." and the attachment has the name UpLoad.scr.

At specific dates the worm attempts to launch a denial-of-service attack against a remote web site.

http://www.sophos.com/virusinfo/analyses/w32wenrua.html

Discussion is locked