-> This is the Trojan-Downloader.Win32.Adload.hw worm. Even this file isn't executed, due to the bug.
So luckily, due to the bug in the binding, none of the viruses are executed. To clean your system, simply delete the above registry key and file."
"Analysis of vv1118.exe:
Now I went ahead and manually executed the file created in the temp folder. It attempts to use the messenger service and send this message to all computers on the network:
Searches the network for computers to infect
Tries to spread through the network using a NetBIOS vulnerability
Sends a system alert to the computers found using the Messenger service.
It looks like it affects only Windows 2000
The message sent is:
"Registry Cleaner Recommended
To fix system errorsplease do the following:
1. Download and Install Registry Cleaner from: http://www.msreg.com
2. Run Registry Cleaner
3. Reboot your computer
Failure to scan and repair systemerrors may result in system malfunction"
Comments: Looks like a case of simple spyware/adware to me smiley You shouldn't have to bother with this if all you installed was the "fix". Even if you executed this file, it'll close itself after trying to send the message across the network. It doesn't install in the registry and neither does it infect any files.
Overall, it looks like you guys got away lucky smiley But now you've learned a valuable lesson: Don't trust these files blindly even if you trust the person! And never rubbish reports that a file could contain a virus. On the net, anything is possible..."