(Continued from previous message)

"Hi i just wanted to say sorry for last night and .. i wish u accept
this as an apology bye dear" "elegant ppl should satisfy thier
taste with elegant things :) Wait for more :)" "I've got your
email , but you forgot to upload the attachments. Don't be selfish , i sent
you all the files i have, send me anything :( bye" "heyyy i tried
many times to send u this email but ur account was out of storage ss i any
way , make sure that i didn't and i won't forget u :) Cya Forgotten
:P" "i thing the subject is enough to describe the attached file
! check it out and replay your opinion Cya" "Hiiiiiii i've got
this surprise from a friend :) it really deserves a few minutes of your
time. Bye" "Never mind !" "Attatchments" "See
the attatched file" "you seem to be mad {at} me coz i didn't send u
anything for along time, i didn't forget u , but i was kinda busy , i've
got all of ur emails thanx :) and i hope u accept this one as an
apology." "gift" "Surprise!" "Hi i'm fine ,
thanx for asking :) and thanx for the nice attachements. but unfortunately,
i don't remember you i will be waiting for u emaill to remind me of your
self. Hummm , i hope u accept this show as an apology. bye" "save
it for hard times" "Happy Times :)" "Useful"
"Very funny" "hey wuts up? cyaaa" "you have to see
this!" "amazing!"

the attached file can have one of the following extensions:

UUE, MIM, HQX, UU, XXE, BHX, EXE

W32/Holar-J deletes files with the following extensions:

JPG, DOC, PPS, RAM, RM, XLS, MDB, RAR, MPEG, MPG, AVI, MPE, ASF





W32/Agobot-CS

Aliases
W32.HLLW.Gaobot.gen

Type
Win32 worm

Detection
At the time of writing, Sophos has received just one report of this worm
from the wild.

Description
W32/Agobot-CS is an IRC backdoor Trojan and network worm that copies itself
to network shares with weak passwords.

When first run, W32/Agobot-CS copies itself to the Windows system folder as
spolsv.exe and creates the following registry entries to ensure it is run
at system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ SpoolService= spolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ SpoolService= spolsv.exe

Each time W32/Agobot-CS is run it attempts to connect to a remote IRC
server and join a specific channel.

W32/Agobot-CS then runs continuously in the background, allowing a remote
intruder to access and control the computer via IRC channels.

W32/Agobot-CS collects system information and registration keys of popular
games that are installed on the computer.

The worm also attempts to terminate and disable various security-related programs.





W32/Agobot-P

Aliases
Backdoor.Agobot.3.co, WORM_AGOBOT.U

Type
Win32 worm

(Continued to next message)
---
 * OLX 1.53 * Thesaurus: ancient reptile with an excellent vocabulary.
        
 * PDQWK 2.52 #5


--- GTMail 1.26