This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
This worm creates several folders. It drops copies of itself.
It drops several components, some of which are detected as VBS_AGENT.CWV. This worm then creates a registry entry to enable its automatic execution at every system startup.
This worm creates the following registry entries to disable Task Manager. It also creates a registry entry to enable file-sharing via
Kazaa. It creates entries for subkeys of specific application names appearing under a registry key.It drops several .ZIP files that contains a copy of itself. The said ZIP files are not password-protected. Trend Micro detects the files as WORM_AGENT.ACK. This worm then shares the folder where the said .ZIP files are located.
It also drops the non-malicious files
AUTORUN.INF and
AUTORUN2.INF.
More...