W32.Pokey.Worm
W32.Pokey.Worm is a worm that propagates as an attachment by email. When the attachment is executed, it will display an animation of a Pokemon character. The worm also has a payload that will delete the contents of your Windows and Windows\system directories.
Also known as: Pokemon, I-Worm.Pikachu, Pokey.bat, Pokey
Category: Worm
Infection length: 32,768 bytes
Virus definitions: June 28, 2000
Damage
Payload:
Large scale e-mailing: Sends itself to all recipients in the Outlook address book.
Deletes files: Deletes the contents of the Windows and Windows\system directories.
Modifies files: Commands are added to the autoexec.bat file that will delete the contents of the Windows and Windows\system directories.
Causes system instability: The system will become unstable when the contents of the Windows and Windows\system directories have been deleted.
Distribution
Subject of e-mail: Pikachu Pokemon
Name of attachment: pikachupokemon.exe
Size of attachment: 32,768 bytes
Technical description:
W32.Pokey.Worm is a worm program, not a virus. It propagates as
an attachment by email. It will attempt to email itself to
everyone in the address book. Only systems running Outlook are
affected. The worm will not run on Outlook Express.
The subject of the email is: Pikachu Pokemon
The body of the email is:
Great Friend!
Pikachu from Pokemon Theme have some friendly words to say.
Visit Pikachu at http://www.pikachu.com
See you.
Attachment name: pikachupokemon.exe
The attachment (worm program) will only run if the file MSVBVM60.dll is installed and available on the system and also if the file name is pikachupokemon.exe. MSVBVM60.dll is a Visual Basic 6 runtime library file. When the attachment is executed it will display an animation picture.
The worm will also modify the contents of the autoexec.bat file to delete the contents of your Windows directory and Windows\system directory. The autoexec.bat file will be executed when the system is rebooted and will display a prompt before attempting to delete the content of those directories.
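
The mail indicators given above (subject, attachment name, attachment size) can be checked against raw messages at a mail gateway. The following is an added example, not part of the original write-up; the function names, the verdict policy and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the write-up above.
SUBJECT = "pikachu pokemon"
ATTACHMENT = "pikachupokemon.exe"
SIZE = 32768  # bytes

def pokey_indicators(raw):
    """Return the W32.Pokey.Worm indicators matched by one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != ATTACHMENT:
            continue
        hits.append("attachment-name")
        payload = part.get_payload(decode=True) or b""  # size after transfer decoding
        if len(payload) == SIZE:
            hits.append("attachment-size")
    return hits

def verdict(raw):
    """Assumed policy: the attachment name alone is enough to quarantine."""
    hits = pokey_indicators(raw)
    if "attachment-name" in hits:
        return "quarantine"
    return "review" if hits else "pass"

def make_sample(subject, filename=None, size=0):
    """Build a constructed test message; the attachment is zero bytes, not the worm."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "rcpt@example.test"
    m["Subject"] = subject
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"\x00" * size, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for s in (make_sample("Pikachu Pokemon", "PikachuPokemon.EXE", SIZE),
              make_sample("Pikachu Pokemon"),
              make_sample("Quarterly report", "report.pdf", 1000)):
        print(verdict(s), pokey_indicators(s))
```

The attachment name is matched case-insensitively because Windows file names are; the size check only adds confidence and is not required for the quarantine verdict.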