Name : Readme.exe
Path : %WINDOWS%\Readme.exe
[ C:\Windows\Readme.exe ]
type : Internet
Name : W32.Apost@mm
Alias : I-Worm.APost,
W32/Apost-A, WORM_APOST.A, W32.urgent.worm@mm or
level : Low
process is the main component of Apost Worm. It is an
Internet worm uses Microsoft Outlook to spread.
The worm is 24,576 bytes long and written in Visual
Basic 6.0. It needs "MSVBVM60.dll" to
spread otherwise it will show dll missing error.
The attachment name will be "Readme.exe".
W32.Apost@mm worm arrives as an e-mail
attachment with the name "Readme.exe".
The message subject will be "As per
your request!", the message body
will be "Please find attached file
for your review. I look forward to hear from you
again very soon. Thank you".
While opening the e-mail
attachment, the worm will copy "Readme.exe"
to all mapped drives including C drive's root
directory. Then it changes the
to load when the system is started every time.
The registry modifications are given below.
The worm displays a
dialog box with the title Urgent and a
button named Open. When the user clicked
on the Open, the worm attempts to infect the
system again and displays a false error message
with the title WinZip SelfExtractor: Warning
and the message CRC error: 234#21. Finally it opens the
Microsoft Outlook Address book and sends email to
all the email Ids stored.
Apost is also known as I-Worm.Readme,
W32/Apost@mm, W32/Apost-A, TROJ_APOST.A, W32.urgent.worm@mm
How can I protect my
Solo has incorporated
detection for readme.exe in its signature file to
protect users from this worm attack. Solo
antivirus registered users are already protected
from this worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
can check the system manually. W32.Apost@mm
creates the file "Readme.exe"
in Windows folder. The
presence of this file ensures you are infected
with this worm.
you are already infected with readme process, you
can remove it from your computer using Solo
Antivirus software. Solo antivirus can
detect and remove W32.Apost@mm safely.
Use the following link to Download 30 day
trial version of Solo antivirus to
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts, Trojans,
Backdoors, boot sector, partition table and macro
purchase Solo antivirus using the link