|
|
||||||||||||||
|
|
Cholera Worm and CTX Virus Information Names: W95/HLLW.Cholera and W95/CTX.7207
This infector is a worm-virus combination. W95/HLLW.Cholera is a worm that drops the W95/CTX.7207 virus. The worm is received via an e-mail attachment in a file named SETUP.EXE. When SETUP.EXE is executed, the system becomes infected with the W95/HLLW.Cholera worm and the W95/CTX.7207 virus and the following text is displayed: Cannot open file: it does not appear to be a valid archive. If you downloaded this file, try downloading the file again. W95/HLLW.Cholera copies itself to the Windows directory with the file name "RPCSRV.EXE" and modifies the WIN.INI file to execute on startup. An alternate strategy is used on Windows NT - the Registry is modified. When an Internet application is run, the worm sends a copy of itself via e-mail. It appears to have its own SMTP engine and does not require Outlook or MAPI for distribution. As of this writing (9/10) this worm/virus was not found in the wild. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
|