
NEW INTERNET WORM
PROLIN
Prolin is an Internet worm that uses Microsoft Outlook to email itself. The worm is 36,834 bytes long (37KB) and is written in Visual Basic 6. It needs "MSVBVM60.dll" to spread; otherwise it shows a DLL missing error. The e-mail attachment name will be "Creative.exe".

When the e-mail attachment is opened, the worm copies "Creative.exe" to the root directory of the C drive and to the Windows startup folder, C:\WINDOWS dir\Start Menu\Programs\Startup\Creative.exe, so the Creative.exe file is loaded automatically whenever the system is started.

It opens the Microsoft Outlook Address Book and sends email to all the email IDs stored there. The message subject will be "A great Shockwave flash movie", the message body will be "Checkout this new flash movie that i downloaded just now... It's Great. Bye" and the attachment name will be "Creative.exe". The attachment shows an icon similar to that of a Shockwave movie.

After that, it sends a notification message to the virus author with the subject "Job complete". It sends this message to the Yahoo ID z14xym432@yahoo.com with the message body "Got yet another idiot".

The payload of this worm is somewhat different. It searches for files with the extensions *.ZIP, *.MP3 and *.JPG and moves them to the C drive root directory. It also adds the string "Change atleast now to LINUX" to each file extension. For example, XYZ.JPG will be renamed to XYZ.JPGchange atleast now to LINUX.

The worm also creates a file, "C:\messageforu.txt", in the root directory of the C drive and stores information about the moved files in it. At the start of this file it stores the following text:

"Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin"

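The rename half of the payload can be undone by stripping the appended string. The following is an added example, not part of the original analysis or of any Fire tool: the function names are hypothetical, it defaults to a dry run, and it only restores names inside the directory it is given, because the page does not describe the layout of messageforu.txt that would be needed to move files back to their original folders.

```python
import os
import re
import sys

# Marker the page says is appended to each moved file's extension.
# The page prints it as both "Change" and "change", so match case-insensitively.
MARKER = re.compile(r"change atleast now to linux$", re.IGNORECASE)
TARGET_EXTS = {".zip", ".mp3", ".jpg"}  # extensions listed on the page


def plan_restores(root):
    """Return (plan, skipped); plan maps each renamed path to its restored path."""
    plan, skipped, claimed = {}, [], set()
    for name in sorted(os.listdir(root)):
        src = os.path.join(root, name)
        if not os.path.isfile(src) or not MARKER.search(name):
            continue
        original = MARKER.sub("", name)
        ext = os.path.splitext(original)[1].lower()
        dst = os.path.join(root, original)
        # Leave for manual review anything that is not one of the listed
        # types, or whose restored name is already taken (never overwrite).
        if ext not in TARGET_EXTS or os.path.exists(dst) or dst.lower() in claimed:
            skipped.append(src)
            continue
        claimed.add(dst.lower())
        plan[src] = dst
    return plan, skipped


def restore(root, dry_run=True):
    """Strip the marker from affected files in root; nothing is renamed on a dry run."""
    plan, skipped = plan_restores(root)
    if not dry_run:
        for src, dst in plan.items():
            os.rename(src, dst)
    return plan, skipped


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"  # page: files are moved to C:\
    plan, skipped = restore(root, dry_run=True)
    for src, dst in plan.items():
        print(f"would rename {src} -> {dst}")
    for src in skipped:
        print(f"skipped, review manually: {src}")
```
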
How can I protect my system?
Fire has incorporated I-Worm/Prolin into its virus signature file, with the aim of helping users affected by this worm attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file by using the online update facility.

How can I find out whether my system is infected?
You can check the system manually. This worm creates "Creative.exe" in the root directory of the C drive. The presence of "Creative.exe" indicates that you are infected with this worm. A free download [18KB] is available to detect and clean this worm.

To find other viruses, use our FireLite version. A free download of the FireLite [1100KB] version is available to detect all viruses. If you find any virus, use the registered Windows version of Fire to remove it. To get the registered version of Fire, call us at 044-28170440 or mail to service@fireav.com or purchase Fire online using

[Analysis: Mr. Vijay Kumar, Mr. Xavier, Prognet Technologies Pvt. Ltd, Dec. 2000]
