Hi, welcome to TSF
Unfortunately, there's more to removing viruses than just deleting the file. Please follow the instructions
here (5 pages) and then post all the requested logs in a new thread
here for the security analysts to look at. If you have any trouble running any of the scans, leave them and move onto the next.
The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.
http://www.viruslist.com/en/viruses/...?virusid=22895
http://www.viruslist.com/en/virusesd...52540408#email
Quote:
Email worms
Email worms spread via infected email messages. The worm may be in the form of an attachment or the email may contain a link to an infected website. However, in both cases email is the vehicle.
In the first case the worm will be activated when the user clicks on the attachment.In the second case the worm will be activated when the user clicks on the link leading to the infected site.
Email worms normally use one of the following methods to spread:
* Direct connection to SMTP servers using a SMTP API library coded into the worm
* MS Outlook services
* Windows MAPI functions
Email worms harvest email addresses from victim machines in order to spread further. Worms use one or more of the following techniques:
* Scanning the local MS Outlook address book
* Scanning the WAB address database
* Scanning files with appropriate extensions for email address-like text strings
* Sending copies of itself to all mail in the user's mailbox (worms may even 'answer' unopened items in the inbox)
While these techniques are the most common, some worms even construct new sender addresses based lists of possible names combined with common domain names.
|