WORM_RANSOM.FD
WORM_RANSOM.FD Description
WORM_RANSOM.FD is typically downloaded from specific remote web pages by other malware, or it may be downloaded by an inexperienced user when visiting an untrusted domain. Once installed on a computer, WORM_RANSOM.FD may modify registry entries and system files so that it runs as soon as Windows starts up. The main purpose of WORM_RANSOM.FD is to send an email, with itself as an attachment, to every email address discovered on the infected machine. The email reads as follows:
“SUBJECT:
You are a very lucky man, read this mail!
BODY:
Hi, you won a big amount of money!!! If you want to know more look at the attachment!
ATTACHMENT:
BigCashForYou.exe”
This is how WORM_RANSOM.FD spreads from system to system. Opening this email or its attachment could lead to a computer becoming infected.
Type: Worms
How Can You Detect WORM_RANSOM.FD?
WORM_RANSOM.FD typically has the following processes in memory:
- BigCashForYou.exe
- %System%\recovery.exe
- %System%\kkk.exe
WORM_RANSOM.FD creates the following registry entries:
- HKEY_CURRENT_USER\Identities\{0C0763B6-7496-4D73-AF61-F747E5CEBA0A}\Software\Microsoft\Outlook Express\5.0\Mail Warn on Mapi Send = “0”
- Windows Recovery Console = “%System%\recovery.exe”
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
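The indicators listed above, checked against a process list and a .reg export: this is an added example, not part of the original write-up, and its function names and sample data are constructed. It assumes %System% is the Windows system folder, that "Warn on Mapi Send" is a value under the ...\5.0\Mail key, and that "Windows Recovery Console" is a value under the listed Run key.

```python
import ntpath
import re

# Indicators from the page. Assumption: %System% is the Windows system folder.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\winnt\system32"}
SYSTEM_DROPS = {"recovery.exe", "kkk.exe"}      # only suspicious inside %System%
ATTACHMENT = "bigcashforyou.exe"                # suspicious from any folder
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
OE_PREFIX = "hkey_current_user\\identities\\"   # assumption: GUID after this varies per profile
OE_SUFFIX = r"\software\microsoft\outlook express\5.0\mail"

def check_processes(image_paths):
    """Return the process image paths that match the page's file indicators."""
    hits = []
    for path in image_paths:
        folder, name = ntpath.split(path.lower())
        if name == ATTACHMENT or (name in SYSTEM_DROPS and folder in SYSTEM_DIRS):
            hits.append(path)
    return hits

def check_reg_export(text):
    """Scan .reg export text for the two registry indicators."""
    hits, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()            # remember the current key header
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(.+)', line)
        if not m:
            continue
        name, data = m.group(1).lower(), m.group(2).lower().strip('"')
        if key == RUN_KEY and name == "windows recovery console" and data.endswith("recovery.exe"):
            hits.append("Run value 'Windows Recovery Console' -> recovery.exe")
        elif (key.startswith(OE_PREFIX) and key.endswith(OE_SUFFIX)
              and name == "warn on mapi send" and data in ("0", "dword:00000000")):
            hits.append("Outlook Express MAPI send warning disabled")
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_PROCESSES = [r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\recovery.exe",
                    r"C:\Users\alice\Downloads\BigCashForYou.exe", r"D:\tools\recovery.exe"]
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Recovery Console"="C:\\Windows\\System32\\recovery.exe"
[HKEY_CURRENT_USER\Identities\{0C0763B6-7496-4D73-AF61-F747E5CEBA0A}\Software\Microsoft\Outlook Express\5.0\Mail]
"Warn on Mapi Send"=dword:00000000
'''

if __name__ == "__main__":
    print(*check_processes(SAMPLE_PROCESSES), *check_reg_export(SAMPLE_REG), sep="\n")
```

Matching recovery.exe and kkk.exe only inside the system folder keeps an unrelated file of the same name elsewhere (the D:\tools entry in the sample) from being flagged.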