Type: Worm
Size: 12288 Byte
System Affected: Windows 2000,XP,NT,....

Characteristics :

1) Creates the following registry keys :

◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\FunotCDI32 = Pron Sex Old.exe


◊ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SystemC32 = FooVa30.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\LoVEd-Sara = SARA16.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Matri-x30 = FooVA30.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\KoMicT.Dll = SEXY-Dir.exe


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\MatriX30 = FooVA30.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\FooVA30 = FooVA30.EXE

◊ %system%\ZAN72
◊ %system%\SEXY-Dir.exe
◊ %system%\Teens69.dll
◊ %WINDOWS%\Sara16.exe
◊ %WINDOWS%\Aminsw64.dll
◊ %WINDOWS%\Tbsdas.bmp
◊ %WINDOWS%\Yteew32.bat
◊ %WINDOWS%\Iran.mp3
◊ %root%\FooVA30.exe