Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » W97M/Resume.A@mm

Overview

Threat Risk MEDIUM MEDIUM
Destructivity MEDIUM MEDIUM
Payload
Detection files published 26 May 2000 03:00:00
Description created 26 May 2000 03:00:00
Description updated 26 May 2000 03:00:00
Malware type VIRUS
Alias
Spreading mechanism EMAIL
FILE_INFECTION
Summary None

W97M/Resume.A@mm

Spreading

The Explorer.doc attachment will launch the virus once double clicked. The first action of the virus will be creating a new folder "C:Data". After that, it will e-mail itself to all addresses in your addressbook. Closing the document will cause a highly dangerous payload. At the top of the viral code, the author left a message that reads:



Better You Than Me Buddy...
... Hope You Like My vIrUs
:)
:(

Payload Details

W97M/Resume.A@mm has a dangerous payload. When the infected document is closed, it will save itself to the next directories as the next files:C:\WINDOWS\Start Menu\Programs\StartUp\Explorer.docC:\Data\Normal.dotAfter that, it will delete all files fromC:\My DocumentsC:\WINDOWSC:\WINDOWS\SYSTEMC:\WINNT C:\WINNT\SYSTEM32And all files in the RootDirectory from all drives A-Z.

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:15