SPREADS USING IE SECURITY HOLE
Virus Name : I-Worm/Blebla
Alias : I-Worm/Verona,
Virus type : Internet
level : Medium
aka I-Worm/Verona is an e-mail worm that exploits security
vulnerabilities in Microsoft Internet Explorer.
The infected e-mail contains two attachments
namely MyRomeo.exe and MyJuliet.CHM. The
attachments are embedded within the e-mail and it
won't visible to the user. The worm is written in
Borland Delphi and compressed with UPX file
When viewing the e-mail,
the HTML code is executed first. The script
stored within the HTML executes the CHM file.
Then the CHM file takes control and executes
MyRomeo.exe. It opens the windows address book
and sends e-mail to all the users with worm
attachments. It uses different SMTP servers
located in Poland to send e-mail and also posts
messages to alt.comp.virus news group.
subject line is randomly selected from the
ble bla, bee
I Love You ;)
Hey you !
Matrix has you...
is a modified variant of Blebla worm. It is also
packed with UPX compressor, uses the same
techniques to infect. The infected e-mail contains two
attachments namely XRomeo.exe and XJuliet.CHM. It
changes several registry keys when infecting the
machine and it should be fixed before deleting
the main worm file SYSRNJ.EXE stored in
clean this worm, use REGEDIT.EXE and change the
registry entry HKEY_CLASSES_ROOT\.reg
="regfile" manually [In
some cases, you should rename REGEDIT.EXE to
REGEDIT.COM to edit registry].
Now you can run *.REG files. Then copy the
following contents in a text file with .REG
extension and double click it using explorer. Now
the registry settings fixed. Then run SoloLite
and delete all infected files. Solo windows
version won't require any manual recovery. It
automatically fixes all registry entries.
The registry settings assumes you have installed
Microsoft Office 97 or above ]
message subject of Blebla worm will be one of the
where is my juliet ?
where is my romeo ?
last wish ???
Caution: NEW VIRUS !
contains a dangerous payload and it will
overwrite the files with worm code when you try
to access the files with following extensions:
.AVI, .BMP, .DOC .GIF, .JPG, .JPEG, .JPE .LHA,
.MP2, .MP3, .MPG .RAR, .REF, MPEG, .VQF .WMF,
.WMA, .WMV, .XLS, .ZIP.
How can I protect my
Solo has incorporated Blebla
worm in its
signature file to protect users from this worm
attack. Solo antivirus registered users are
already protected from this worm. Make sure that
you have installed registered version of Solo
Antivirus to protect your system from all virus
security patches to close this hole long back. If
you haven't installed, you can get a copy at http://www.microsoft.com/technet/security/bulletin/ms99-032.asp
to remove this worm?
you are already infected with this worm, you can
remove it from your computer using Solo Antivirus
software. Solo antivirus can detect and
remove Blebla worm and its variants safely.
Use the following link to Download 30 day
trial version of Solo antivirus
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link