Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W32/Goner.A@mm

Overview

Threat Risk LOW LOW
Destructivity MEDIUM MEDIUM
Payload Deletes antivirus files
Detection files published 03 Dec 2001 03:00:00
Description created 04 Dec 2001 04:47:00
Description updated 13 Mar 2002 06:23:00
Malware type WORM
Alias
Spreading mechanism EMAIL
OTHER
Summary None

W32/Goner.A@mm

Spreading

When executed, it will first display a small animated picture, which will be immediately followed by an error message.

(Image not available)


(Image not available)



After this it will mail itself to all addresses in the Outlook address book.


(Image not available)

The worm copies itself to the Windows system directory under the name GONE.SCR and sets the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run to point to this.

If ICQ is installed on the infected computer, the worm will attempt to send itself to other ICQ users online.

Payload Details

The worm tries to stop processes and delete files belonging to certain antivirus products.It will also in some cases install some flood scripts to the Internet Relay Chat client mIRC.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:14