Plage2000:
Virus name |
Plage2000 |
Type |
Internet Worm |
Infection:
The virus is transfered to your PC by opening an Email attachment. The
infectionmail is masked as an answer to a written email. The text of this Email
is:
"I'll try to reply as soon as possible. Take a look to the attachment and
send me your opinion!"
The known names of the attachmentfile are pics.exe, images.exe, joke.exe,
PsPGame.exe, newsdoc.exe, hamster.exe, tamagotxi.exe, searchURL.exe, SETUP.EXE,
Card.EXE, billgt.exe, midsong.exe, s3msong.exe, docs.exe, humor.exe or fun.exe.
Payload:
If the attachment is opened, an self-extracting WinZip-File seems to be opened.
After confirmation to UnZip the file one of the following messages appear:
-
"WinZip self-Extractor
ZIP damaged: file worm name: Bad CRC number.
Possible cause: file transfer error"
-
"WinZip self-Extractor - worm name:worm name -
Application Error The exception unknown software exception (0xc00000fd)
occurred in the application ...."
In the meantime the virus copies itself under the name INETD.EXE
into the Windowsdirectory. It creates a new registry entry under the key
"HKEYCURRENTUSER\Software\Microsoft\WindowsNT\CurrentVersion\Windowsrun\
Windowsverzeichnis INETD.EXE". The virus gets every 5 minutes in contact
with the Email-Client, Outlook or Exchange, and tries to answer Emails.
Remarks:
The answered mails cannot be read. Plage2000 causes no damge on your PC, but
the answermails can relevant endanger the infrastructure of the emailsending.
Copyright
by All-About-PC. All rights reserved.
All information on this website is protected by international law. Any
reproduction or publication without the agreement of the editorial
office is prohibited. Please respect the work of others.
Although all information on this website is hardly recherched and
mostly checked and confirmed from secondary side, we do not take the
responsibillity for any damage originated from the use of the
information on our site. |