LHRIC > Technical Services > Virus Alert

	TECHNICAL SERVICES
	home \| search \| contact \| Virus Central
	Providing timely, reliable & cost-effective technical support

Virus Central - Detailed

Virus Information
Name:	W32.Impo.gen@mm
Aliases:	W32.Dotjaypee@mm, Win32/Japanize.Worm, I-Worm.Zircon.B, Win32.Fbound.C, W32/Fbound.c@MM, W32/FBound-C
Type:	Worm
Discovery Date:	March 14, 2002
Detection:
Virus Description:	This is a mass-mailing worm that uses the infected computer's SMTP server to send itself to all addresses in the Windows address book. It contains no payload. The email arrives with an attachment named Patch.exe. For addresses ending in .jp (Japan), there are 17 Japanese language subjects, one of which is randomly chosen each time. NOTE: Definitions dated prior to March 14, 2002 may detect this worm as W32.Dotjaypee@mm.
E-mail Subject:	"Important" (for addresses not ending in .jp) or a randomly-chosen Japanese subject (for addresses ending in .jp)
E-mail Body:	See below
Attachment:	patch.exe

Virus Effects:

This worm sends email to all addresses that it finds in the Windows address book. It uses the SMTP server of the infected
computer. The email has the following characteristics:
For email addresses that end with .jp:
Subject: One of 17 randomly chosen Japanese-text messages. A screen-shot of the possible subjects (and English
translations) follows.
Message: <empty>
Attachment: Patch.exe

For all other addresses:
Subject: Important
Message: <empty>
Attachment: Patch.exe
This worm contains no payload.

Removal Instructions:

1. Obtain the most recent virus definitions. There are two ways to do this:

Run LiveUpdate. LiveUpdate is the easiest way to obtain virus definitions. These virus definitions have undergone full quality assurance testing by Symantec Security Response and are posted to the LiveUpdate servers one time each week (usually Wednesdays) unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, look at the Virus Definitions (LiveUpdate) line at the top of this write-up.

Download the definitions using the Intelligent Updater. Intelligent Updater virus definitions have undergone full quality assurance testing by Symantec Security Response. They are posted on U.S. business days (Monday through Friday). They must be downloaded from the Symantec Security Response Web site and installed manually. To determine whether definitions for this threat are available by the Intelligent Updater, look at the Virus Definitions (Intelligent Updater) line at the top of this write-up.

Intelligent Updater virus definitions are available here. For detailed instructions on how to download and install the Intelligent Updater virus definitions from the Symantec Security Response Web site, click here.
2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
3. Run a full system scan.
4. Delete all files that are detected as W32.Impo.gen@mm.

Revision History:
March 14, 2002
Threat renamed to W32.Dotjaypee@mm
March 18, 2002
Threat renamed to Win32.Fbound.C, W32/Fbound.c@MM, W32/FBound-C

TOP