F-Secure Virus Descriptions : Choke
Choke is a worm that utilises MSN Messenger for spreading. It sends itself
using filenames like 'ShootPresidentBUSH.exe', 'choke.exe' and
'George.W.Bush@whitehouse.gov' as username.
When executed it copies itself to 'c:\choke.exe' and creates a key in the
registry under
'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
with the name 'Choke' and the value 'c:\choke.exe -blahhh' to ensure that
it will be started at every system startup. After this it exits with and
error message saying 'This program needs Flash 6.5 to run!'
It creates a file 'c:\about.txt' with this content:
Choke , Copyright ® 1886 ... A MAD CHRISTIAN
---------------------------------------
Go talk swearwords about God
You all will die, stupid humans.
You fools didn't see what you have done
Bye slut, go talk shit about me.
(Call me a 'psychophatt', but I respect the Creator of life...)
' Consider your earth '
The worm sends messages to random ICQ users (using 'xxxxxxx@pager.icq.com')
saying:
'Micro$oft invites you to use MSN Messenger!'
F-Secure Anti-Virus with the latest updates detects and removes it. To remove
it it's enough to delete the file 'c:\choke.exe'. If it's locked exit to DOS
first then delete it.
[Analysis: Gergely Erdelyi, F-Secure Corp.; June 2001]
|
![](/images/pixel.gif"){kind=tracking}
