The Sonic Worm spreads through email with the subject: Choose your poison or I am your poison and no body text. The infected email attachment can be either girls.exe or lovers.exe. The Sonic Worm is activated by opening the infected attachment. The Sonic Worm displays a message containing one of the following text:
Girls.exe is not a valid Win32 application.
Lovers.exe is not a valid Win32 application.
The Sonic Worm replicates itself under the Windows/System directory as GDI32.exe and changes the registry entry at the following location:
If the user detects a program with the name gdi32a.exe, it is likely that the PC is infected with the Sonic Worm. Sonic Worm performs a number of malevolent acts such as stealing data from the user's PC (such as passwords, credit card numbers, bank account numbers), monitoring the user's online activity, infecting other PC's through the user's email system, and taking total remote control of the user's computer. The most dangerous feature of the Sonic Worm is its ability to respond to the specific instructions of the creator. The user's important financial records, for example, may be deleted. If you detect the Sonic Worm remove it immediately.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.