Virus Description - W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm

W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm

Name	W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm
Aliases	apost, post.a, apost.a, readme, urgent, yoview, Win32/Apost.A,I-Worm.Readme, W32.Urgent.Worm@mm, W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm
Discovered on	-

Virus Information - W32/Apost-A, W95/Urquest.24576, Win32/Yoview.A@mm:

Win32/Apost.A is an email worm. This worm will infect Windows systems. It spreads using MS-Outlook.

The worm arrives with the subject : As per your request!

and the content of the mail will be:

Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.

It carries an infected attachment readme.exe. Upon execution of the attachment, it copies itself to windows directory as readme.exe. Later on the worm tries to copy the same file to the root of all physical (Including floppy drive) and logical drives.

The worm makes necessary changes to registry. It modifies registry at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Afterwards the worm displays a dialog box with the title Urgent and a button named Open. When clicked on the Open, the worm attempts to infect the system again with the above procedure. Later on it displays a false error message with the title WinZip SelfExtractor: Warning and the message CRC error: 234#21.