Readme.exe
Readme.exe is a malicious executable file and a key component of a mass-mailing Apost worm. When the file of the W32.Apost@mm is executed, it displays a message box with the one big button named 'Open' and 'Urgent' as caption. After a user clicks the 'Open' button, W32.Apost@mm displays a fake error message: 'WinZip SelfExtractor: Warning' and 'CRC error: 234#21'. Then W32.Apost@mm checks if it is already installed in a PC system. W32.Apost@mm looks for the Readme.exe file in Windows folder and creates it doesn't exist. Readme.exe then modifies the registry; it adds 'macrosoft' subkey to the current user's application autostartup key: The 'macrosoft' subkey includes a full path for the file of the W32.Apost@mm.
W32.Apost@mm also replicates as Readme.exe to install directories of all drives that are available for writing (local and network drives where the current user has write access). Finally, Readme.exe connects to Microsoft Outlook, gets the user's mail server login and password and copies itself by sending an infected message to all email addresses found in Outlook's address book. W32.Apost@mm's file is attached to an infected message as Readme.exe file. W32.Apost@mm will infect a remote computer only when a recepient runs the malicious attachment. Infected messages are deleted after they are sent. It is recommended to delete Readme.exe immediately upon detection to prevent infection of the W32.Apost@mm.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | c:\readme.exe | |
| 2. | %ProgramFiles%\dwimn\readme.exe | |
| 3. | %ProgramFiles%\monrs\readme.exe | |
| 4. | %ProgramFiles%\versekulo\src.dll | |
| 5. | %Programs%\startup\massacre.exe | |
| 6. | %Temp%\ir_ext_temp_0\autoplay\docs\readme.exe | |
| 7. | %Temp%\skmw\readme.exe | |
| 8. | %System%\cdd\readme.exe | |
| 9. | %Windir%\ampatuan.exe | |
| 10. | %Windir%\k.exe | |
| 11. | %Windir%\p2p.exe | |
| 12. | %Windir%\regangen.exe | |
| 13. | c:\kernel32.exe | |
| 14. | %ProgramFiles%\cinvig\readme.exe | |
| 15. | %ProgramFiles%\microsoft update\readme.exe | |
| 16. | %ProgramFiles%\versekulo\readme.exe | |
| 17. | %ProgramFiles%\wssin\readme.exe | |
| 18. | %CommonPrograms%\startup\readme.exe | |
| 19. | %Temp%\readme.exe | |
| 20. | %System%\angen.exe | |
| 21. | %System%\serial.exe | |
| 22. | %Windir%\freegames2008.exe | |
| 23. | %Windir%\mswinxpa_sp3upd.exe | |
| 24. | %Windir%\readme.exe | |
| 25. | %Windir%\winamp.exe | |
| 26. | c:\67readme.exe | |
| 27. | %UserProfile%\readme.exe | |
| 28. | %ProgramFiles%\kernel32.exe | |
| 29. | %ProgramFiles%\skmw\readme.exe | |
| 30. | %ProgramFiles%\versekulo\verse.exe | |
| 31. | %CommonPrograms%\startup\office_viewer.exe | |
| 32. | %Temp%\ixp000.tmp\readme.exe | |
| 33. | %System%\ampatuan.exe | |
| 34. | %System%\readme.exe | |
| 35. | %Windir%\er.exe | |
| 36. | %Windir%\message_helpme.exe | |
| 37. | %Windir%\pussy_massacre.exe | |
| 38. | %Windir%\virus_remover.exe |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.