<html>  <head>  <meta name="description" content="Analyse de virus de Sophos">  <meta name="keywords" content=" W32/Hawawi-A I-Worm.Hawawi, W32/Holar.d@MM, W32.Hawawi.Worm, Win32/Hawawi.A sophos anti-virus anti virus antivirus sweep viruses">  <title>Analyse de virus de Sophos: W32/Hawawi-A</title>  <!-- SOPHOS Head: start --><meta name="MSSmartTagsPreventParsing" content="TRUE">  <script type="text/javascript" src="/javascript/frameworkpreload.js"></script>  <script type="text/javascript" src="/javascript/basic.js"></script>  <link href="/sophos/styles/sophos.css" rel="stylesheet" type="text/css">  <link href="/sophos/styles/menu.css" rel="stylesheet" type="text/css">   <!-- SOPHOS Head: end -->  </head>  <BODY background="/images/eng/framework/background-1600.gif" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bgcolor="#FFFFFF">   <a name="top"></a>  <!-- SOPHOS Header: start -->      <a name="TOP"></a> <!-- ImageReady Slices (top-bar.psd) -->      <table summary="Sophos - antivirus pour l'enterprise" width="668" border="0" cellpadding="0" cellspacing="0">  <tr>  <td rowspan="3"><map name="sophos"><area shape="rect" coords="8,10,168,50" alt="Sophos" href="/"></map><img src="/images/fra/framework/top-bar_01.gif" width="449" height="63" alt="Sophos - antivirus pour l'enterprise" border="0" ismap usemap="#sophos"></td>  <td rowspan="3" background="/images/fra/framework/top-bar_02.gif" align="right" width="145"><!-- Search Nav Start --><form method="post" action="/search/index.cgi"><input type="hidden" name="scope" value="whole_site"> <input type="hidden" name="lang" value="french"><input type="text" size="12" name="terms"><img src="/images/common/interface/spacer.gif" alt="" width="3" height="1"><!-- Search Nav End --></td>  <td colspan="2"><img src="/images/fra/framework/top-bar_03.gif" width="74" height="23" alt=""></td>  </tr>    <tr>  <td><!-- Searchbutton Nav Start --><input type="image" onmouseover="this.src='/images/fra/framework/top-bar_04-over.gif'" onmouseout="this.src='/images/fra/framework/top-bar_04.gif'" src="/images/fra/framework/top-bar_04.gif" width="66" height="18" border="0" alt="Rechercher"><!-- Searchbutton Nav End --></td></form>  <td><img src="/images/fra/framework/top-bar_05.gif" width="8" height="18" alt=""></td>  </tr>    <tr>  <td colspan="2"><img src="/images/fra/framework/top-bar_06.gif" width="74" height="22" alt=""></td>  </tr>  </table>              <!-- End ImageReady Slices -->    <table summary="Organisation de la page avec liens aux sections : Page d'accueil, A propos de Sophos et Contacts, ainsi qu'aux versions en langue anglaise, franaise, allemande, espagnole et japonaise de ce site Web." width="668" border="0" cellpadding="0" cellspacing="0">      <tr>      <td><!-- Home Nav Start --><a href="/" onmouseover="changeImages('button_bar_01', '/images/fra/framework/button-bar_01-over.gif'); return true;" onmouseout="changeImages('button_bar_01', '/images/fra/framework/button-bar_01.gif'); return true;"><img name="button_bar_01" src="/images/fra/framework/button-bar_01.gif" width="160" height="23" border="0" alt="Accueil"></a><!-- Home Nav End --></td>  <td><a href="http://www.sophos.com/" target="www.sophos.com" onmouseover="changeImages('button_bar_02', '/images/fra/framework/button-bar_02-over.gif'); return true;" onmouseout="changeImages('button_bar_02', '/images/fra/framework/button-bar_02.gif'); return true;"><img name="button_bar_02" src="/images/fra/framework/button-bar_02.gif" width="48" height="23" border="0" alt="www.sophos.com"></a></td>  <td><a href="http://www.sophos.de/" target="www.sophos.de" onmouseover="changeImages('button_bar_04', '/images/fra/framework/button-bar_04-over.gif'); return true;" onmouseout="changeImages('button_bar_04', '/images/fra/framework/button-bar_04.gif'); return true;"><img name="button_bar_04" src="/images/fra/framework/button-bar_04.gif" width="55" height="23" border="0" alt="www.sophos.de"></a></td>  <td><a href="http://esp.sophos.com/" target="esp.sophos.com" onmouseover="changeImages('button_bar_05', '/images/fra/framework/button-bar_05-over.gif'); return true;" onmouseout="changeImages('button_bar_05', '/images/fra/framework/button-bar_05.gif'); return true;"><img name="button_bar_05" src="/images/fra/framework/button-bar_05.gif" width="52" height="23" border="0" alt="esp.sophos.com"></a></td>  <td><img src="/images/fra/framework/button-bar_03-over.gif" width="55" height="23" border="0" alt="www.sophos.fr"></td>  <td><a href="http://www.sophos.it/" target="www.sophos.it"  onmouseover="changeImages('italiano', '/images/eng/framework/italiano-over.gif'); return true;" onmouseout="changeImages('italiano', '/images/eng/framework/italiano.gif'); return true;"><img name="italiano" src="/images/eng/framework/italiano.gif" width="52" height="23" border="0" alt="www.sophos.it"></a></td>  <td><a href="http://www.sophos.co.jp/" target="www.sophos.co.jp" onmouseover="changeImages('button_bar_06', '/images/fra/framework/button-bar_06-over.gif'); return true;" onmouseout="changeImages('button_bar_06', '/images/fra/framework/button-bar_06.gif'); return true;"><img name="button_bar_06" src="/images/fra/framework/button-bar_06.gif" width="48" height="23" border="0" alt="www.sophos.co.jp"></a></td>  <td><img src="/images/fra/framework/button-bar_07.gif" width="85" height="23" alt=""><img src="/images/eng/framework/grey-bar-blank-spacer.gif" width="59" height="23" alt=""></td>  <td><!-- Contact Nav Start --><a href="/companyinfo/contacting" onmouseover="changeImages('button_bar_09', '/images/fra/framework/button-bar_09-over.gif'); return true;" onmouseout="changeImages('button_bar_09', '/images/fra/framework/button-bar_09.gif'); return true;"><img name="button_bar_09" src="/images/fra/framework/button-bar_09.gif" width="54" height="23" border="0" alt="Contact"></a><!-- Contact Nav End --></td>  </tr>        <!-- End ImageReady Slices -->  <tr>  <td valign="top" bgcolor="#A2B1AE" background="/images/common/interface/spacer_a2b1ae.gif"><img src="/images/common/interface/spacer.gif" alt="" width="1" height="10">     <table summary="Organisation de la page avec liens aux sections : Infos produit, Tlchargements, Support, Infos virus, Infos socit, Infos presse, Partenaires et OEM." border="0" width="160" cellpadding="3" cellspacing="0">               <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/products/"><nobr>Infos Produits</nobr></a><!-- SOPHOS Insert products SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/downloads/"><nobr>Tlchargements</nobr></a><!-- SOPHOS Insert downloads SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/support/"><nobr>Support</nobr></a><!-- SOPHOS Insert support SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/virusinfo/"><nobr>Infos Virus</nobr></a>             <table border="0" cellpadding="2" cellspacing="0">               <tr>                 <td><img src="/images/common/interface/spacer.gif" alt="" width="1" height="2"></td>               </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/analyses"><nobr>Analyses de virus</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/hoaxes"><nobr>Canulars et craintes</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/explained"><nobr>Virus expliqus</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/articles"><nobr>Articles</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/whitepapers"><nobr>Livres blancs</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/topten"><nobr>Top ten des virus</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/notifications"><nobr>Alerte par e-mail</nobr></a></td>                 </tr>                              <tr>                     <td><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"><a class="menusub" href="/virusinfo/infofeed"><nobr>Infos en continu</nobr></a></td>                 </tr>             </table></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/companyinfo/"><nobr>Infos Socit</nobr></a><!-- SOPHOS Insert companyinfo SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/pressoffice/"><nobr>Infos Presse</nobr></a><!-- SOPHOS Insert pressoffice SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/partners/"><nobr>Partenaires</nobr></a><!-- SOPHOS Insert partners SubMenu --></td>           </tr>                      <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="/oem/"><nobr>OEM</nobr></a><!-- SOPHOS Insert oem SubMenu --></td>           </tr>                              <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="//"><nobr></nobr></a><!-- SOPHOS Insert  SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="//"><nobr></nobr></a><!-- SOPHOS Insert  SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="//"><nobr></nobr></a><!-- SOPHOS Insert  SubMenu --></td>           </tr>                     <tr>           <td><img src="/images/common/interface/spacer.gif" alt="" width="10" height="1"><a class="menumain" href="//"><nobr></nobr></a><!-- SOPHOS Insert  SubMenu --></td>           </tr>              </table>    </td>  <!-- End menu -->  <td width="500" valign="top" colspan="12"><!-- Start subheading -->  <table summary="" border="0" cellpadding="0" cellspacing="0" width="491">  <tr>  <td width="100%" align="right" valign="top"><img src="/images/common/interface/spacer.gif" alt="" width="2" height="6" border="0"></td>  </tr>    <tr>  <td width="100%" align="right" valign="bottom"><b><a href="/">Accueil </a><img src="/images/common/interface/blue.gif" width="12" height="11" alt=">">  <a href="/virusinfo">Infos Virus</a>  <img src="/images/common/interface/blue.gif" width="12" height="11" alt=">">  <a href="/virusinfo/analyses">Analyses de virus</a>  </b> </td>  </tr>    <tr>  <td width="100%" align="right" valign="top"><img src="/images/common/interface/linepointleft.gif" width="480" height="11" border="0" alt=""></td>  </tr>  </table>    <br>   <!-- End subheading -->       <table summary="" border="0" cellpadding="8" width="100%">  <tr>  <td width="100%" valign="top">   <!-- SOPHOS Header: end -->  <table border="0" cellpadding="3" cellspacing="3" width="100%">  <tr><td><h3>W32/Hawawi-A</h3></td></tr>  <tr><th class="DividerStandard" align="left" nowrap="nowrap">Alias </th></tr>  <tr><td>I-Worm.Hawawi, W32/Holar.d@MM, W32.Hawawi.Worm, Win32/Hawawi.A</td></tr>  <tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>  <tr><th class="DividerStandard" align="left" nowrap="nowrap">Type </th></tr>  <tr><td><a href="/virusinfo/articles/glossary.html#w32worm">Ver Win32</a></td></tr>  <tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>  <tr><th class="DividerStandard" align="left" nowrap="nowrap">Dtection</th></tr>  <tr><td>Un fichier IDE d'identit virale permettant de vous protger est dsormais disponible depuis la section <b><a href ="/downloads/ide/">Identits virales</a></b>, et sera intgr  la version Mai 2003 (3.69) de Sophos Anti-Virus.<p><p>Au moment o nous rdigeons cette analyse, Sophos n'a reu qu'un signalement de ce ver.</p></td></tr>  <tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>  <tr><th class="DividerStandard" align="left" nowrap="nowrap">Description </th></tr>  <tr><td><p>W32/Hawawi-A est un ver Internet qui tente de se propager en s'envoyant via SMTP et en utilisant les rseaux ICQ et KaZaA. </p> <p>W32/Hawawi-A a une charge destructrice. Le ver rduit  zro octet les fichiers avec les extensions suivantes : ZIP, DOC, MDB, XLS, TXT, PPT, PPS, JPG, PDF, RAR, RAM, MP3, FRM, DPR, PHP, CPP, SWF, SQL,MDE, MDE, WAV, RM, MPEG. </p> <p>Le ver est compos de quatre parties qui sont toutes places dans le dossier systme de Windows. <br><ul><li>MEDIA PLAYER.EXE envoie le ver par e-mail et en place des copies dans le dossier partag KaZaA.<br><li>SYS32 .EXE tente d'utiliser le rseau ICQ pour propager le ver.<br><li>SMTPMAILER.DLL est un fichier plugin DLL qui contient les commandes SMTP.<br><li>Le principal poseur de virus PE existe sur l'ordinateur infect sous la forme des fichiers suivants : </p> <p><tt>C:\AUTOEXEC[2].PIF <br>C:\BOOTLOG[2].PIF <br>C:\COMMAND[2].PIF <br>C:\CONFIG[2].PIF <br>C:\DETLOG[2].PIF <br>C:\IO[2].PIF <br>C:\MSDOS[2].PIF <br>C:\MSG[2].PIF <br>C:\NETLOG[2].PIF <br>C:\SCANDISK[2].PIF <br>C:\SETUPLOG[2].PIF <br>C:\SETUPXLG[2].PIF <br>C:\SUHDLOG[2].PIF <br>C:\SYSTEM[2].PIF <br>C:\&lt;Systme Windows&gt;\AINT_IT_FUNNY.PIF <br>C:\&lt;Systme Windows&gt;\ANAL_SEX_ASS_FUCKING.PIF <br>C:\&lt;Systme Windows&gt;\ANIMAL_N_BURNING_LADIES.PIF<br>C:\&lt;Systme Windows&gt;\ASIAN_GIRLS.PIF <br>C:\&lt;Systme Windows&gt;\BEAUTY_VS_YOUR_FACE.PIF <br>C:\&lt;Systme Windows&gt;\BIG_TITS_BOOBS_PUSSIES.PIF<br>C:\&lt;Systme Windows&gt;\BLACK_BABES.PIF <br>C:\&lt;Systme Windows&gt;\BROKE_ASS.PIF <br>C:\&lt;Systme Windows&gt;\COME_2_CUM.PIF <br>C:\&lt;Systme Windows&gt;\CUTE_GAYS.PIF <br>C:\&lt;Systme Windows&gt;\ENDLESS_LIFE.PIF <br>C:\&lt;Systme Windows&gt;\FAMOUS_PPL_N_BAD_SETUATIONS.PIF <br>C:\&lt;Systme Windows&gt;\GURLS_SECRETS.PIF <br>C:\&lt;Systme Windows&gt;\HARDCORE_AMATURE_NAKED_NUDE.PIF <br>C:\&lt;Systme Windows&gt;\HAWAWI.PIF <br>C:\&lt;Systme Windows&gt;\HAWAWI_N_HAWAII.PIF <br>C:\&lt;Systme Windows&gt;\HEARTS_TRANSLATOR.PIF <br>C:\&lt;Systme Windows&gt;\HOT_SHOW.PIF <br>C:\&lt;Systme Windows&gt;\HOT_TEEN_VIRGIN.PIF <br>C:\&lt;Systme Windows&gt;\HOW_TO_IMPROVE_UR_LOVE. <br>C:\&lt;Systme Windows&gt;\LEADERS_SCANDALS.PIF <br>C:\&lt;Systme Windows&gt;\LESBIAN_GIRLS_LESBO_GAY.PIF<br>C:\&lt;Systme Windows&gt;\LO0O0O0O0OL.PIF <br>C:\&lt;Systme Windows&gt;\MUSIC_DOWNLOADER.PIF <br>C:\&lt;Systme Windows&gt;\OLD_WOMEN_SEX.PIF <br>C:\&lt;Systme Windows&gt;\REAL_MAGIC.PIF <br>C:\&lt;Systme Windows&gt;\SEXY_LADIES_GETTIN_FUCKED.PIF<br>C:\&lt;Systme Windows&gt;\SHAKIRA_ASS.PIF <br>C:\&lt;Systme Windows&gt;\SHAKIRAZ_BIG_ASS.PIF <br>C:\&lt;Systme Windows&gt;\SHORT_VCLIP.PIF <br>C:\&lt;Systme Windows&gt;\SHOW_CLIP_MPEG_MOVIE.PIF <br>C:\&lt;Systme Windows&gt;\SWEET_BUT_SMILLY.PIF <br>C:\&lt;Systme Windows&gt;\TEARS_OF_HAPPINESS.PIF <br>C:\&lt;Systme Windows&gt;\TEDIOUS_SEX.PIF <br>C:\&lt;Systme Windows&gt;\TEENZ_RAPER.PIF <br>C:\&lt;Systme Windows&gt;\THE_TRUTH_OF_LOVE.PIF <br>C:\&lt;Systme Windows&gt;\UNFAITHFUL_GURLS.PIF <br>C:\&lt;Systme Windows&gt;\WET_PUSSIES.PIF <br>C:\&lt;Systme Windows&gt;\WET_PUSSY_HUGE_COCK_NICE_DICK.PIF <br>C:\&lt;Systme Windows&gt;\WHITE_AMERICA.PIF <br>C:\&lt;Systme Windows&gt;\XXX_MPEGS_DOWNLOADER.PIF<br>C:\&lt;Systme Windows&gt;\YOUNG_TEEN_HAVING_SEX.PIF</tt></ul> </p> <p>W32/Hawawi-A ajoute dans le registre l'entre suivante pour qu'elle s'excute aprs redmarrage du systme : </p> <p>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\loadqm <br>= "C:\&lt;Windows system&gt;\MEDIA PLAYER.EXE" </p> <p>W32/Hawawi-A exploite la vulnrabilit IFRAME sur certaines versions de Microsoft Internet Explorer et d'Outlook Express, ce qui permet l'excution automatique des pices jointes lors de la visualisation d'un message de courrier lectronique. </p> <p>Les adresses e-mail des victimes sont extraites des fichiers HTM et HTML prsents sur l'ordinateur infect. </p> <p>Les e-mails peuvent avoir l'une des sries de caractristiques suivantes : </p> <p><b>Objet :</b> '''*&lt; Love Speaks it all &gt;*'''<br><b>Corps du message :</b> Hii<br>Try this great program allowing u to translate 100 languages . just write a passage in english and chose a language to get the traslation one of my friends used it with his arabian gf and it worked successfully :) so , Now we can say ' Love Speaks it All ' :) </p> <p><b>Objet :</b> Co0o0o0o0oL<br><b>Corps du message :</b> i thing the subject is enough to describe the attached file ! check it out and replay your opinion Cya </p> <p><b>Objet :</b> Fw:<br><b>Corps du message :</b> You're gonna love it :) delete it after reading , Professor :P </p> <p><b>Objet :</b> Heeeeeeeeeeeeeeeey<br><b>Corps du message :</b> i've got this surprise from a friend :) it really deserves a few minutes of your time. Bye </p> <p><b>Objet :</b> Wussaaaaaaaap?<br><b>Corps du message :</b> Should i email u first to email me? u don't know how much ur emails mean to me. i wish u like this email and plzz don't forget me :) Bye </p> <p><b>Objet :</b> WoW But not for NoW<br><b>Corps du message :</b> coz i couldn't get the other part of it , any way , check it out having alil thing is better than nothing :P </p> <p><b>Objet :</b> y0 Ain't Got Shyt !<br><b>Corps du message :</b> All u can get is burning ur self Coz all we can do is to watch, nothing for us to touch :( </p> <p><b>Objet :</b> Why Do We FOk?<br><b>Corps du message :</b> let me answer ,,, hummmmmmmmm Coz we Burn Our selves by watching ********** like the one i attached :P </p> <p><b>Objet :</b> Hi<br><b>Corps du message :</b> i'v got it from a group called &lt;name&gt; it really fits us , check it out carefully :) bye </p> <p><b>Objet :</b> Q &lt;--- what does it look likt?<br><b>Corps du message :</b> Hummm , It looks like something men can't live without ha? did u get it? if not , enjoy ur Eyes by Seeing it :) this one is deferent! </p> <p><b>Objet :</b> Hiiiii<br><b>Corps du message :</b> you seem to be mad @ me coz i didn't send u anything for along time, i didn't forget u , but i was busy , i've got all of ur emails thanx :) and i hope u accept this one as an apology. </p> <p><b>Objet :</b> Heeelllooo , anybody home????<br><b>Corps du message :</b> i tried many times to send u this email but ur account was out of storage as i any way , make sure that i didn't and i won't forget u :) Cya Forgotten :P </p> <p><b>Objet :</b> Why did u send me this shyt?<br><b>Corps du message :</b> THANX BUT I DON'T ACCEPT SEX MATERIALS FROM STRANGERS. I SAW THEM N I WONDERED HOW U COULD DO SO ? I REATTCH THE SHYT U SENT PLEASE DON'T EMAIL ME , </p> <p><b>Objet :</b> Re:Hi<br><b>Corps du message :</b> No thanx , keep it for you :) Bye </p> <p><b>Objet :</b> Lo0o0o0o0o0o0o0o0o0o0o0o0oL<br><b>Corps du message :</b> Measure your intelligence , the power of your mind and the speed of your reaction by answering several Qs , don't forget to send me your mark. I took 3.5/10 :P Let's see who is more intelligent than the other! Good Luck </p> <p><b>Objet :</b> hurry up !!!<br><b>Corps du message :</b> this is the last one i could find , Don't forget , send me the project in a zipped file :) Bye </p> <p><b>Objet :</b> To Early To Have Sex!<br><b>Corps du message :</b> When i saw it i didn't believe that she was only 8 yrs old. but when i saw the blood and heard the voice of her :( i got Shocked </p> <p><b>Objet :</b> Fw:Send it to all of the ppl u love<br><b>Corps du message :</b> Don't Believe ur self, I don't Love Ya :P But i Don't know why i sent this to u. Make use of it , Bye :) </p> <p><b>Objet :</b> Surprise<br><b>Corps du message :</b> I'm in a harry , Send me any clip with voice like the one i attached . And stop sending the booooring pictures Cya </p> <p><b>Objet :</b> For your elegant Taste<br><b>Corps du message :</b> elegant ppl should satisfy thier taste with elegant things :) </p> <p><b>Objet :</b> Again?<br><b>Corps du message :</b> I sent this email to another body :P and he replayed saying Thanx !! i always write your email wrongly. Hummm, if u like it replay to me , and don't forget to write ur signature to make sure that i didn't send the email to a wrong one :) Bye </p> <p><b>Objet :</b> Who are you??????<br><b>Corps du message :</b> Hi i'm fine , thanx for asking :) and thanx for the nice attachements. but unfortunately, i don't remember you i will be waiting for u emaill to remind me of your self. Hummm , i hope u accept this show as an apology. bye </p> <p><b>Objet :</b> The Spanish Beauty<br><b>Corps du message :</b> it's a mix of the Arabian beauty & the european grace ! satisfy your eyes with the beauty that u have never seen :) </p> <p><b>Objet :</b> I've Got it :)<br><b>Corps du message :</b> I've got it from KaZaA network , it seems not to be full but that's all i could find :( bye </p> <p><b>Objet :</b> Helloooooooo<br><b>Corps du message :</b> I've got your email , but you forgot to upload the attachments. Don't be selfish , i sent you all the files i have, send me anything :( bye </p> <p><b>Objet :</b> If u are booooored ...<br><b>Corps du message :</b> i found it in my Recycled , i know u love this kind of thing :) </p> <p>Le ver place par ailleurs C:\MSG.HTM, ce qui affiche le message suivant : </p> <p><tt>"MaDe iN HaWaWi <br>By ZaCker & MyLife<br>2003/03/03<br>We BeLieVe Dat Filling <br>Da HD With Data Will<br>Hurt The PC<br>Oops<br>We Could Deal With it<br>Hawa :) Bye"</tt></p></td></tr>  <tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>  <tr><th class="DividerStandard" align="left" nowrap="nowrap"> Gurison </th></tr>  <tr><td> Veuillez lire les <a href="/support/disinfection/worms.html">instructions pour supprimer les vers</a>. <p><b>Windows NT/2000/XP</b> </p> <p>Sous Windows NT/2000 vous devrez supprimer de la base de registre la cl suivante. Cette suppression est optionnelle sous Windows 95/98/Me. </p> <p>Dans la barre des tches de Windows, slectionnez Dmarrer|Excuter. Tapez "Regedit". L'diteur de registre s'ouvrira. </p> <p>Avant d'diter le registre, vous devrez faire une sauvegarde du registre. Dans le menu Registre, cliquez sur Exporter le fichier du registre, dans Etendue de l'exportation, slectionnez Tout puis sauvegardez votre registre. </p> <p>Recherchez l'entre sous HKEY_LOCAL_MACHINE : </p> <p>HKLM\Software\Microsoft\Windows\CurrentVersion\Run\loadqm <br>= "C:\&lt;Systme Windows&gt;\MEDIA PLAYER.EXE" </p> <p>et supprimez-la si elle existe. </p> <p>Fermez l'diteur de registre. </p> <p><b>Installation du correctif</b> </p> <p>Microsoft a publi un correctif qui protge contre la faille de l'en-tte MIME et la faille IFRAME. Celui-ci peut tre tlcharg  partir de <a href="http://www.microsoft.com/technet/security/bulletin/MS01-027.asp">http://www.microsoft.com/technet/security/bulletin/MS01-027.asp</a>.<br>(Ce correctif rsout de nombreuses failles de scurit dans les logiciels de Microsoft, incluant celles exploites par le ver.) </p></td></tr>  <tr><td><img src="/images/common/interface/spacer.gif" width="1" height="1"></td></tr>  </table>      <BR><BR><BR>  <H3 class="seealso">Voir aussi :<BR>  <IMG src="/images/common/interface/linepointright.gif" width="470" height="11" border="0"></H3>    <TABLE border="0" cellpadding="0" cellspacing="0">    <TR>  <TD align="left" valign="top" width="18"><IMG src="/images/common/interface/circuitpoint.gif" width="12" height="12" border="0" alt="*" vspace="2"></TD>  <TD><a href="/virusinfo/notifications/">Abonnez-vous au service d'alerte gratuit des nouveaux virus</a></TD>  </TR>   <TR>  <TD align="left" valign="top" width="18"><IMG src="/images/common/interface/circuitpoint.gif" width="12" height="12" border="0" alt="*" vspace="2"></TD>  <TD> <a href="/virusinfo/infofeed/">Incorporez  votre site web ou intranet des informations sur les virus</a></TD>  </TR>   </TABLE>    <!-- SOPHOS Footer: start --></td></tr></table>  <br><br><br>  </td>  </tr>  <tr>  <td width="160">&nbsp;</td>  <td valign="bottom" align="left" colspan="6">&nbsp;</td>  <td valign="bottom" align="right" colspan="6"><a href="/"><img src="/images/common/sophos-logos/sophos103x23.gif" alt="Sophos logo" width="103" height="23" border="0"></a><img src="/images/common/interface/spacer.gif" alt="" width="15" height="1"></td>  </tr>  </table>   <!-- SOPHOS Footer: end -->  </BODY>  </html> 
