
 


CREATIVE.EXE PROCESS INFORMATION

Process Name  : Creative.exe

Process Path : C:\WINDOWS\Start Menu\Programs\Startup\Creative.exe

Process type    : Internet Worm

Malware Name : W32.Prolin.A@mm

Alias             : I-Worm.Prolin, W32.Prolin-A, WORM_PROLIN.A

Threat level : Low

Process Details

                     Creative.exe is dropped by the Prolin worm, an Internet worm that uses Microsoft Outlook to e-mail itself. The worm is 36,834 bytes long and written in Visual Basic 6. It needs "MSVBVM60.dll" to spread; otherwise it shows a DLL missing error. The e-mail attachment name will be "Creative.exe".

                     When the e-mail attachment is opened, the worm copies "Creative.exe" to the root directory of the C drive and to the Windows startup folder, C:\WINDOWS dir\Start Menu\Programs\Startup\Creative.exe. As a result, Creative.exe is loaded automatically whenever the system is started.

                     It opens the Microsoft Outlook Address Book and sends e-mail to all the e-mail IDs stored there. The message subject will be "A great Shockwave flash movie", the message body will be "Checkout this new flash movie that i downloaded just now... It's Great. Bye" and the attachment name will be "Creative.exe". The attachment shows an icon similar to that of a Shockwave movie.

                     After that, it sends a notification message to the virus author with the subject "Job complete". It sends this message to the Yahoo ID z14xym432@yahoo.com with the message body "Got yet another idiot".

                     The payload of this worm is somewhat different. It searches for files with the extensions *.ZIP, *.MP3 and *.JPG and moves them to the root directory of the C drive. It also appends the string "Change atleast now to LINUX" to each file's extension. For example, XYZ.JPG will be renamed to XYZ.JPGchange atleast now to LINUX.

                     The worm also creates a file, "C:\messageforu.txt", in the root directory of the C drive and stores information about the moved files in it. At the start of this file it stores the following text:

"Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. i could have done far better damage, i could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin"
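The payload described above leaves recognisable traces in the drive root: the dropped Creative.exe, messageforu.txt, and ZIP/MP3/JPG files carrying the appended string. The following added example (not Solo's code and not part of the original page) scans a directory for those traces and strips the suffix; the names scan_root and restore_names are hypothetical, the suffix is matched case-insensitively as an assumption, and files are only renamed in place because the page does not give the format of messageforu.txt needed to move them back.

```python
import os
import tempfile

# Suffix the page says is appended to moved files; matched case-insensitively
# (assumption) because the page shows it as both "Change ..." and "change ...".
SUFFIX = "change atleast now to linux"
TARGET_EXTS = (".zip", ".mp3", ".jpg")
DROPPED = ("creative.exe", "messageforu.txt")  # artifacts in the drive root


def scan_root(root):
    """Return (artifacts, renames) found directly in `root`.

    artifacts: names of worm-dropped files present in root.
    renames:   {current_name: original_name} for payload-renamed files.
    """
    artifacts, renames = [], {}
    for name in sorted(os.listdir(root)):
        lower = name.lower()
        if lower in DROPPED:
            artifacts.append(name)
        elif lower.endswith(SUFFIX):
            original = name[: len(name) - len(SUFFIX)]
            if original.lower().endswith(TARGET_EXTS):
                renames[name] = original
    return artifacts, renames


def restore_names(root, renames):
    """Strip the suffix in place; skip when the original name already exists."""
    restored = []
    for current, original in renames.items():
        dst = os.path.join(root, original)
        if os.path.exists(dst):
            continue  # never overwrite an existing file
        os.rename(os.path.join(root, current), dst)
        restored.append(original)
    return restored


def demo():
    """Run against a constructed directory standing in for the C drive root."""
    with tempfile.TemporaryDirectory() as root:
        for n in ("XYZ.JPGchange atleast now to LINUX", "song.MP3Change atleast now to LINUX",
                  "notes.txtchange atleast now to LINUX", "Creative.exe", "messageforu.txt"):
            open(os.path.join(root, n), "w").close()
        artifacts, renames = scan_root(root)
        return artifacts, renames, restore_names(root, renames), sorted(os.listdir(root))
```

Files with the suffix but a non-targeted extension (notes.txt in the constructed data) are deliberately left untouched, since the page lists only ZIP, MP3 and JPG as affected.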

How can I protect my system?

                   Solo has incorporated creative.exe in its signature file to protect users from this worm attack. Registered Solo Antivirus users are already protected from this worm. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?

                   If you are already infected with the creative.exe process, you can remove it from your computer using Solo Antivirus software. Solo Antivirus can detect and remove W32.Prolin@mm safely. Use the following link to download a 30-day trial version of Solo Antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VB, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link