This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
4174 (2001-12-04)Updated DAT
How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!
Running this attachment infects the local system.
When run, the worm displays a message box entitled, "About"
After a short time, another window entitled "Error" is displayed:
The worm copies itself into the "WINDOWS SYSTEM" folder and adds the following registry key to load itself at startup:
The worm attempts to copy ICQMAPI.DLL to the WINDOWS SYSTEM directory to send itself to ICQ users. DLL calls are made which send the worm to ICQ contacts which are on-line. The worm also creates the file REMOTE32.INI and modifies the mIRC MIRC.INI file to use it. This causes the mIRC client to become an IRC bot, accepting instructions to initiate a Denial of Service attack from remote IRC users who are connected to the same channel. The script connects to the server "twisted.ma.us.dal.net" and joins the channel "#pentagonex". The user does not have to be knowingly connected to this server in order for this script to join this channel, they only have to start mIRC and the script will join this channel in the background.
This mass-mailing worm sends itself to all users found in the Outlook Address Book using a plain text format. Therefore, the attachment does not start automatically when the user opens the message and does not get activated automatically when then Outlook preview pane if used.
All Windows Users
Use current engine and DAT files for detection and removal.
Reinstall any security software that was deleted by the virus.
Manual Removal Instructions (not required for McAfee users with current engine and DAT files )