W32/Elitper.E Worm

 Information about the W32/Elitper.E Worm:

W32/Elitper.E is an email worm. The worm will infect Windows systems. The worm spreads through email and shared network drives.

The subject of the infected mail will be;

Microsoft SP2 Update

The infected attachment will be;

SP2 UPDATE.EXE

The body of the infected mail will be;

Microsoft SP2 Update Urgent Download It

Upon execution of the infected attachment, the worm drops the following files.

XPStartUp.exe in the Start Menu folder.
IExpIore .exe, Norton Internet Security.exe, LSASS .exe, SP2 UPDATE.exe. in the Program Files folder.
TASKMGR .exe in the Windows folder.
Virus Detected.txt in the root of C: drive.

The worm modifies registry at the following location to load itself during each startup.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

The worm tries to terminate the following processes.

DirectX3D.exe
DAP.exe
mdm.exe
smss.exe
regedit.com
dllhost.exe
iexplore.exe
msgmsgr.exe
ccapp.exe
VB6.exe

To propagate itself, the worm collects all the available email addresses from the Microsoft Outlook address book of the infected system and mails itself to the collected email addresses using its own SMTP engine.

The worm attempts to create copies of itself to the shared folders of following software.

BearShare
Edonkey2000
KaZaA Lite
Morpheus
Grokster
Kazaa
KMD

To entice the user to execute the worm, it copies itself to the above mentioned P2P software shared folder using the following name;

All Nokia Phones Hacking + HotKeys To Acess To Networks.exe
All Nokia Phones Software Codes + HotKeys To Acess To Networks.exe

This worm first appeared on 26th March, 2005.

 Other names of W32/Elitper.E Worm: