Runouce is an internet worm. When run it copies itself to the
System Directory as Runouce.exe and modifies windows registry so
it is run each time windows starts.
Searches for HTML files in the users' hard drive and modifies
them to launch the file README.EML, created in the same directory
where the HTML is found.
Sends e-mail with the following format:
Subject: <text followed by "is comming!">
From: <The sender address pretends to be one from yahoo.com>
The worm spreads itself as an attachment named pp.exe with MIME type
audio/x-wav.
It uses a static server to send messages through its own SMTP
engine.
Detection in F-Secure Anti-Virus was published on July 31st, 2002:
[FSAV_Database_Version]
Version=2002-07-31_01
[Analysis: Ero Carrera ; F-Secure Corp.; August 1st, 2002]
![](/images/pixel.gif"){kind=tracking}
