molto carino :
- It uses a more complex encryption technique.
- It deletes all .NTZ files on the local machine.
- It terminates the ZoneAlarm firewall program if it is running.
- It creates a SYSTEM.INI [boot]shell value to run itself at startup.
- It has also been reported to retrieve email addresses from Eudora mailbox files (.MBX), overwrite the WIN.COM/NTLDR file at times, and send .GIF files found on the local machine to others along with itself.
http://vil.nai.com/vil/virusSummary.asp?virus_k=99199
Segnalibri