News Spacer Products Spacer Service Spacer Virus Center Spacer Contact Spacer Downloads Spacer Search

LogoGlobeAntiVirus Software

virus alerts

Cholera Worm and CTX Virus Information

Names: W95/HLLW.Cholera and W95/CTX.7207
Aliases: Cholera, W32.Cholera, CTX, W32.CTX, PE_CHOLERA.CTX, Simbiosis
Type: W95/HLLW.Cholera is a worm. W95/CTX.7207 is a polymorphic, encrypted virus


Description:

This infector is a worm-virus combination. W95/HLLW.Cholera is a worm that drops the W95/CTX.7207 virus. The worm is received via an e-mail attachment in a file named SETUP.EXE. When SETUP.EXE is executed, the system becomes infected with the W95/HLLW.Cholera worm and the W95/CTX.7207 virus and the following text is displayed:

    Cannot open file: it does not appear to be a valid archive. If you downloaded this file, try downloading the file again.

W95/HLLW.Cholera copies itself to the Windows directory with the file name "RPCSRV.EXE" and modifies the WIN.INI file to execute on startup. An alternate strategy is used on Windows NT - the Registry is modified.

When an Internet application is run, the worm sends a copy of itself via e-mail. It appears to have its own SMTP engine and does not require Outlook or MAPI for distribution.

As of this writing (9/10) this worm/virus was not found in the wild.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

HomePurchase CenterVirus CenterSupport Center
Quick Links
BUY NOW
PRODUCT INFO
SOFTWARE UPDATES
LATEST DEFFILES


This Section
Product Information
Product Literature
Tutorials
Documentation
   - Manuals
   - Readmes
   - Quick Start Guide
   - Viewing Utilities
Test Drives
How to Buy
Contact Us
Latest DEF Files
Latest Version
Latest Patches

Awards





Home Page