Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

I-WORM/MUSIC REPORTED IN THE WILD

                     I-Worm/Music is an Internet worm, uses Windows address book to email itself. The worm is 39,936 bytes long {39KB} and written in Visual Basic 5. It needs "MSVBVM50.dll" to spread otherwise it will show DLL missing error. The e-mail attachment name will be Music.exe or Music.com

                     While opening the e-mail attachment, the worm will display Christmas greetings with music. In the background it copies itself to windows system folder in the name of "SYSMCM.EXE". It also modifies registry setting to load next time automatically.

                     Then it connects to virus author site and downloads additional components to the local machine to e-mail automatically. The additional files will be stored in the name of SYSDRV.EXE and SYSTMP.DLL in Windows directory.

                      It opens the Windows address book and sends email to all the email Ids stored. The message subject will be "Testing to send file", the message body will be "Hi, just testing email using Merry Christmas music file, not bad music." or "Hi, just testing email using Merry Christmas music file, you'll like it" and the attachment name will be Music.exe or Music.com. The icon of the attachments will be similar to Wave file icon.

                     This worm has the ability to update new versions from the virus author site. The file downloaded by I-Worm/Music from virus author site contains the following string.

"Hi, tracing this file? It's a very friendly program, it do nothing harm to your system. In fact I hate a file like this, but the bad thing is I cant find a job, and I need to rent my basement room, I only hope this file could help me to make my both ends meet. Thanks & regards. -- The author, Nov 08, 2000."

How can I protect my system?

Fire has incorporated I-Worm/Music and its variants in virus signature file, with the aim of helping users affected by this Worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using online update facility.

How can I find my system is infected?

                     You can check the system manually. This worm creates "SYSMCM.exe" in windows system folder. The presence of "SYSMCM.exe" ensures you are infected with this worm. A free download of FireLite [ 1100KB ] version is available to detect all viruses. If you find any virus, use registered windows version of Fire to remove. To get the registered version of Fire call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr.Ramesh, Mr.Vijay Kumar, Prognet Technologies Pvt. Ltd, Dec. 2000]

Go to top of the page
.