
APost Worm

Information about APost worm:

APost is an Internet worm that uses Microsoft Outlook to spread. The worm is 24,576 bytes long and is written in Visual Basic 6.0. It needs "MSVBVM60.dll" to spread; otherwise it shows a DLL-missing error. The attachment name will be "Readme.exe". It is also known as I-Worm.Readme, W32/Apost@mm, W32/Apost-A, TROJ_APOST.A, W32.urgent.worm@mm or Readme.

The APost worm arrives as an e-mail attachment with the name "Readme.exe". The message subject will be "As per your request!" and the message body will be "Please find attached file for your review. I look forward to hear from you again very soon. Thank you".
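
A mail-filter style check for the message traits described above, added here as an example and not part of the original analysis. The function names, indicator labels and the constructed sample message are assumptions; the subject, body phrase, attachment name and size are the ones given in the description.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT = "As per your request!"
BODY_MARKER = "please find attached file for your review"
ATTACHMENT = "readme.exe"
WORM_SIZE = 24576  # bytes


def apost_indicators(raw: bytes) -> list:
    """Return the APost indicators present in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip() == SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        # Collapse whitespace so line wrapping does not hide the phrase.
        text = " ".join(body.get_content().split()).lower()
        if BODY_MARKER in text:
            hits.append("body")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").strip().lower() != ATTACHMENT:
            continue
        hits.append("attachment-name")
        # Size alone proves nothing; it only strengthens a name match.
        if len(part.get_payload(decode=True) or b"") == WORM_SIZE:
            hits.append("attachment-size")
    return hits


def build_sample(subject, body, filename, size) -> bytes:
    """Constructed test message; the attachment is zero bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    worm_like = build_sample(SUBJECT, "Please find attached file for your review. "
                             "I look forward to hear from you again very soon. "
                             "Thank you", "Readme.exe", WORM_SIZE)
    print(apost_indicators(worm_like))
```

A message that matches on the attachment name alone deserves a closer look but is not conclusive, since "Readme.exe" is a common file name.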

When the e-mail attachment is opened, the worm copies "Readme.exe" to all mapped drives, including the C drive's root directory. It then changes the registry settings so that it loads every time the system starts. The registry modifications are given below.

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"macrosoft":="C:\Windows\readme.exe"

The worm displays a dialog box with the title "Urgent" and a button named "Open". When the user clicks Open, the worm attempts to infect the system again and displays a false error message with the title "WinZip SelfExtractor: Warning" and the message "CRC error: 234#21". Finally, it opens the Microsoft Outlook Address Book and sends e-mail to all the e-mail IDs stored there.

Removing APost worm from your system:

Fire has incorporated I-Worm/APost in its signature file, with the aim of helping users affected by this worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using the online update facility. It is available with the registered version of the Fire anti-virus kit.

You can check the system manually. I-Worm/APost creates the file "Readme.exe" in the Windows folder. The presence of this file indicates that you are infected with this worm. A free download is available to detect and clean this worm.

A free download of the FireLite [1100KB] version is also available to detect all viruses, including the Readme worm. If you find this worm, use the registered version of Fire to remove it. The Fire anti-virus kit provides a perfect cure for I-Worm/APost, aka the Readme worm. To get the registered version of Fire, call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr. Ramesh, Mr. Vinoj Kumar, Prognet Technologies Pvt. Ltd, Sept. 2001]
