- The virus is 32-bit, with a file size of 55,808 bytes
- The virus was coded in Visual Basic 6 and requires the VB6 runtime files in order to be a threat
- If run on a host system, the virus may send itself as a single message to each contact listed in the Outlook Address Book, in this format -
Subject = Fwd:Peace BeTweeN AmeriCa And IsLaM !
iS iT A waR Against AmeriCa Or IsLaM !?
Let's Vote To Live in Peace!
Attachment = WTC.exe
Virus creates several files on the local system -
C:\Windows\MixDaLaL.vbs - 1370 bytes
C:\Windows\WTC.exe - 55808 bytes
C:\Windows\System\ZaCker.vbs - 653 bytes
The virus launches the file "MixDaLaL.vbs". This VBScript component contains instructions that replace the contents of all .HTM and .HTML files on all drives with a short text, then set the "hidden" attribute on those files.
Next, the virus will modify the registry to load a VBS component at next Windows startup -
The component "ZaCker.vbs" contains instructions to delete all files in the Windows folder - the component also attempts to:
- overwrite C:\AUTOEXEC.BAT with the instruction "echo y | format C:"
- display a message "I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker !!!"
- exit Windows
- The "Company Name" field in the file properties of WTC.exe is "ZaCker".
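The file artifacts listed above can be checked on a live volume or a mounted disk image with a short triage script. This is an added example, not part of the original description; the names `ARTIFACTS`, `resolve_ci` and `triage` and the `root` argument are assumptions made for illustration, and only the paths, sizes and the AUTOEXEC.BAT instruction come from the text.

```python
import os
import re
import sys

# Dropped files and sizes exactly as listed in the description above.
ARTIFACTS = {
    "Windows/MixDaLaL.vbs": 1370,
    "Windows/WTC.exe": 55808,
    "Windows/System/ZaCker.vbs": 653,
}
# AUTOEXEC.BAT instruction from the description; whitespace is matched loosely.
FORMAT_RE = re.compile(rb"echo\s+y\s*\|\s*format\s+c:", re.IGNORECASE)


def resolve_ci(root, relpath):
    """Resolve relpath under root ignoring case; return the real path or None."""
    current = root
    for part in relpath.split("/"):
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def triage(root):
    """Return a list of (indicator, detail) findings for the volume at root."""
    findings = []
    for rel, size in ARTIFACTS.items():
        path = resolve_ci(root, rel)
        if path and os.path.isfile(path):
            actual = os.path.getsize(path)
            detail = "size matches" if actual == size else f"size {actual}, expected {size}"
            findings.append((rel, detail))
    autoexec = resolve_ci(root, "AUTOEXEC.BAT")
    if autoexec and os.path.isfile(autoexec):
        with open(autoexec, "rb") as fh:
            if FORMAT_RE.search(fh.read(65536)):
                findings.append(("AUTOEXEC.BAT", "contains format C: instruction"))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(sys.argv[1] if len(sys.argv) > 1 else "C:\\"):
        print(f"{indicator}: {detail}")
```

A file found at a listed path with a different size is still reported, since a name match alone is worth a closer look.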