Virus.Win32.Adjunto.A@mm is a worm on Microsoft Windows that was discovered on January 22, 2007. It has a long infection length (over 364000 bytes) and infects Windows 95, 98, ME, 2000, and XP. It tends to show its messages in Spanish.

Technical details

Once executed, the worm copies itself as:

The worm creates the following registry entry so that it is executed every time Windows starts:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\svchost.exe"

The worm then creates the following registry subkey and value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\System7154\"GL" = "[DATE]"

The worm opens a back door on the compromised computer on TCP port 7154.

The worm displays a dialog box with one of the following texts:

  • "System Failure #7154"
  • "I'm not a puppet. I am a grenade"
  • "You has been infected with System.7154N"

The worm spreads by sending a copy of itself as an attachment to email addresses gathered from the compromised computer. The email has the following characteristics:

"No me olvido de ti"

"te pongo adjunto u screen saver espero que te guste a mi me parecio cuando menos interesante saludos!!!!!!"

The zip file attachment contains one of the following file names:

  • Best_pictures1992.exe
  • Fidel Castro.exe
  • Shakira_comico.exe
  • VIH.exe
  • administracion de redes.exe
  • amor.exe
  • base de datos.exe
  • bola magica.exe
  • calientitas.exe
  • carta de amor.exe
  • chistes.exe
  • conversador.exe
  • encuesta.exe
  • famosas.exe
  • fucker_bromas.exe
  • hacking en espanol.exe
  • mide tu inteligencia.exe
  • mujeres.exe
  • muy gordas.exe
  • penetracion segura.exe
  • querida lisa.exe
  • revelacion.exe
  • sexo seguro.exe
  • te quiero decir....exe
  • te quiero.exe
  • test.exe
  • tu futuro.exe
  • vahinas.exe
  • zodiaco.exe
  • zoofilia.exe

The worm closes windows with the following titles:

  • Windows security alert
  • Alerta de seguridad de windows

It scans the compromised computer and infects any .exe files it finds except those found in the following folders:

  • %Windir%
  • %ProgramFiles%

External links

Community content is available under CC-BY-SA unless otherwise noted.