windvd98.exe - Dangerous
windvd98.exe
Manual removal instructions:
Antivirus Report of windvd98.exe:
windvd98.exe
W32.HLLW.Cult.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to randomly generated email addresses.
The worm also has IRC Trojan functionality that allows an attacker to control infected computer by using Internet Relay Chat (IRC).
The commands allow the attacker to perform any of the following actions:
Deliver system and network information to the attacker
Download and execute files
Dynamically update the installed worm
Send the worm to other IRC channels to attempt to compromise more computers
Trigger a mass-mailing function
Send email that contains the worm to any email address
Variants: W32.HLLW.Cult.M@mm
The email message has the following characteristics:
Subject: Hello , I sent you a beautiful Love Card ^_*
Body:
To see your Card, Please open the attachment
If you want to send a reply, please visit
http:/ /www.Love-card.com/Love/index.html
Thank You...
Attachment: BeautyLove.pif
Copies itself as %System%\Windvd98.exe.
Adds the value:
"dvd98"="windvd98.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
so that the worm runs when you start Windows.
Automatic Removal:
Use RegRun Startup Optimizer to remove it from the system registry.
windvd98.exe | Malware |
windvd98.exe | Dangerous |
windvd98.exe | High Risk |
The worm also has IRC Trojan functionality that allows an attacker to control infected computer by using Internet Relay Chat (IRC).
The commands allow the attacker to perform any of the following actions:
Deliver system and network information to the attacker
Download and execute files
Dynamically update the installed worm
Send the worm to other IRC channels to attempt to compromise more computers
Trigger a mass-mailing function
Send email that contains the worm to any email address
Variants: W32.HLLW.Cult.M@mm
The email message has the following characteristics:
Subject: Hello , I sent you a beautiful Love Card ^_*
Body:
To see your Card, Please open the attachment
If you want to send a reply, please visit
http:/ /www.Love-card.com/Love/index.html
Thank You...
Attachment: BeautyLove.pif
Copies itself as %System%\Windvd98.exe.
Adds the value:
"dvd98"="windvd98.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
so that the worm runs when you start Windows.
Automatic Removal:
Use RegRun Startup Optimizer to remove it from the system registry.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.