Lumension® Endpoint Intelligence Center


Overview

Threat Risk: LOW
Destructivity: NONE
Payload:
Detection files published: 27 Jun 2000 03:00:00
Description created: 24 Aug 2000 03:00:00
Description updated: 24 Aug 2000 03:00:00
Malware type: WORM
Alias: Pokey.Trojan, Win32.Pikatchu.32768
Spreading mechanism: EMAIL
Summary: None

W32/Pokey.32768.Worm

Spreading

W32/Pokey spreads through MS Outlook (not MS Outlook Express). When an infected file is executed, it sends a copy of itself to each entry in the MS Outlook address book. The mail will typically look like this one:


(Image not available)


W32/Pokey will replace the original c:\autoexec.bat file with one containing commands to delete c:\windows and c:\windows\system when the machine restarts. You will be asked to confirm the deletion of these files, so if you answer 'N', these files will not be deleted.

The following message is displayed when the file is executed:


(Image not available)


Payload Details

n/a

Analysis

n/a

Removal

Remove this worm by running a virus scan and deleting all infected files. Replace the overwritten autoexec.bat file with a clean one from your backup.


Last Updated: 12 Nov 2015 11:06:14