is an Internet worm that also contains a compressed copy of the new variant of Win32:Elkern virus, which is dropped and executed when the worm is run. It is quite similar to the other variants of this dangerous virus.
This worm searches for email address entries in the Windows address book, in ICQ list and in the files on the disk. It uses its own mailing routine.
The infected email has the following characteristics:
Attached file: Random name with the extension .PIF, .SCR, .EXE or .BAT. It also sends some randomly chosen data file from the infected computer.
The sender address which appears in a message is chosen from a list inside the worm, so the real sender is not the one written in the message.
The worm attempts to use the well known MIME security hole in the MS-Outlook, MS-Outlook Express, and Internet Explorer to run the attachment automatically.
The worm copies itself to the Windows System directory under a random filename. Then it adds the registry key in the section HKLM\Software\Microsoft\Windows\CurrentVersion\Run to let execute itself on Windows startup. The worm may is also able to spread to remote shared disks on the network using random filenames. It also tries to disable several anti-virus products and delete some anti-virus related files.
Any avast! with VPS file dated on or after 17th April 2002 is able to detect this worm.Refer: Avast