- Threat is 3272 bytes and may be named "CLRAV.EXE.vbs"
in an effort to trick users into running the file
as a component of an Antivirus scanner
- If threat is executed on a viable host, it may delete
several registry keys associated with loading certain
system monitor applications, including:
- Virus attempts to create numerous zero byte files
in the root of C: drive in an effort to delete the
C:\I HATE MELINA
C:\Windows is a real virus?
- In the last case, if the threat is excuted on a
Windows NT system, the file is instead a memory stream.
- Virus attempts to create several folders on drive
- Threat attempts to delete the folder "C:\Windows"