Global sites
RiešeniaProduktySlužbyPredajNa stiahnutiePartneriPodporaSpoločnosť ESETVirus info
Threat CenterEset Online scannerESET SysInspectorThreatSense® ThreatSense.Net® Security TipsThreat LevelThreat Dictionary
Threat Encyclopaedia
Update infoVirus Radar on your Website
Antivirus Software NOD32 > Threat Center > Threat Encyclopaedia > C

Threat Encyclopaedia

Vytlačiť stránkuPoslať

Choke.A

Aliases: I-Worm/Choke, W32/Choke.40960, W32.Choke.Worm, Win32.HLLM.Choke.40960

Win32/Choke.A is a worm written in Visual Basic. It spreads in the Microsoft Messenger environment. Its length is 40960 bytes. For its activities it requires presence of the library MSVBVM60.DLL.
When spreading by means of Microsoft Messenger the worm uses names ShootPresidentBUSH.exe or choke.exe. After the file containing the worm is run Win32/Choke.A copies itself into the root directory on the disk C: under the name choke.exe. Its activation after the system restart the worm ensures by creating an item with name Choke in the key of the system registry HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun. It sets the value of this item to C:choke.exe -blahhh.
After its execution the worm displays gradually two windows with fake messages about errors.

The worm creates the file C:about.txt containing the following text:

Choke , Copyright « 1886 ... A MAD CHRISTIAN
---------------------------------------
Go talk swearwords about God
You all will die, stupid humans.
You fools didn't see what you have done
Bye slut, go talk shit about me.
(Call me a 'psychophatt', but I respect the Creator of life...)
' Consider your earth '

After that the worm sends through the gate paper.icq.com a message with the text "Micro$oft invites you to use MSN Messenger!" to random users. As sender of the message is given George.W.Bush@whitehouse.gov.