i-worm.energy.
Webroot Antivirus: The best protection against viruses, spyware data theft and hackers.
Description:
Details
I-Worm.Energy.a
This is an Internet worm spreading in attached RAR archives. The worm arrives to a computer as a SETUP.EXE file in an RAR archive that is attached to a message.
When the worm is started (executed from an infected RAR archive), it copies itself to the Windows system directory with the ENERGY.EXE name, registers itself as a system service and stays in the system memory. In the background, the worm then looks for processes that use the MAPI library (e-mail library), copies itself to these processed, and hooks the MAPISendMail function. When a message with an RAR file attached is sent, the worm opens the archived RAR, and copies itself there with the name SETUP.EXE. As a result, all RAR archives that are sent from an infected machine contain a SETUP.EXE file with the worm body in it.
The worm contains the text:
[I-Worm.Energy] by Benny/29A
Copyright @2006 i-worm.energy.