|
|
A few technical details regarding this new virus.
The virus Goner can distribute itself both via e-mail messages and ICQ - the popular messages exchange system. The virus needs MS Outlook to re-distribute itself via e-mails. If MS Outlook is installed on the infected computer, the virus sends itself to all addresses from the Windows Address book. Some typical features of the virus-produced e-mails:
Message Subject line: Hi
Message body text:
How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
The attached file has got a name gone.scr (note that the .scr extension
is used for screensavers executable files).Contrary to Nimda, BadTrans and some other viruses the Goner can not get launched automatically. The computer is infected only upon launching an attachment by the user. When launched, the virus copies itself to the Windows system folder with the same name goner.scr and adds itself to the auto-started programs list in the system Registry (to the branch HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).
The most interesting virus feature is its capability to utilize ICQ system for self-distribution: the virus "offers" all user ICQ contacts available online to receive a file goner.scr. Upon receiving a contact's OK the virus sends itself in a goner.scr file-container.
You are welcome to use the integrated Doctor Web program updater to receive the virus database add-on, or you can download the database add-ons from our site. The "hot" update with the Goner virus signatures included is available at the address http://www.antivir.ru/dsav/english/add-on/drwtoday.zip.
|
Some other interesting viruses |