Skip Over Navigation Links
Center for Information TechnologyAntivirus
Antivirus Home Page
Contact Us
Questions or Comments
Disclaimers

Software
Current client downloads:
VScan Engine/Dat (SuperDat) -4.3.20/4.0.4399
VirusScan Enterprise 8.0i - Windows NT/2000/XP/2003
VirusScan Enterprise 7.1 - Windows NT/2000/XP/2003
Version 4.5.1 (install Service Pack 1) - Windows 9x/ME
Virex (OS X) Engine/Def - 7.2(v1.1)/041013
Virex (OS 9.x) Engine/Def - 6.2/041001
Linux & Solaris Engine/Dat - 4.3.20/4.0.4399
Symantec Antivirus - 9.0
Ad-aware - 6.0
Clean Boot 1.0
Stinger v2.4.0 virus removal tool (Updated 9/28/04, 3:22am)
Microsoft Patch Library
Current server downloads:
VirusScan Enterprise 7.1
NetShield NetWare - 4.6.2
NetShield NetWare Engine Update - 4.3.20
ePO agent for NetWare
Sybari Antigen - 528/966
TrendMicro - 6.810/200
ScanMail eManager - 3.0
Microsoft Patch Library

Information
Configuration Tips
VirusScan FAQs
Ad-aware FAQs
Central EMail Status
VirusScan Instructions
Additional Resources
ePO 3.0/VirusScan 7.0 Presentation

Archives
List of Viruses

Virus Archives

W32/APost Last Updated 9/05/01 10:34am

This worm arrives with the subject line:
As per your request!
The body of the email includes the text:
Please find attached file for your review.
I look forward to hear from you again very soon. Thank you.
The attachment is titled:
README.EXE

If the attachment is executed W32/APost copies itself to the WINDOWS directory, and then to the root of all local drives. W32/APost then ceates a registry to key run itself at startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
macrosoft=C:\WINDOWS\readme.exe
Next the worm sends itself out to every entry in the Microsoft Outlook Address Book. After sending itself out a pop up window appears:

Urgent

If this Open button is pressed then the worm sends out further copies of itself and then displays an error message:

Self Extractor

After OK is selected the worm terminates.

Do Not Open The Attachment!

This archive is not intended to be comprehensive. For a more complete virus library, please visit NAI's Virus Information Library at http://vil.nai.com.

Contact TASC for assistance or call
301.59.Go.CIT (V) 301.496.8294 (TDD)

 National Institutes of HealthCenter for Information Technology
National Institutes of Health
Bethesda, Maryland 20892

Questions or Comments | Disclaimers

 Department of Health and Human ServicesHealth and Human Services
Washington, D.C. 20201
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -