It deletes the original content of the files with certain extensions of the C: drive. It sends an hoax written in Turkish to the affected user's contact list of Outlook. It does not spread by its own means.

Windows 2003/XP/2000/NT/ME/98/95/3.X

ArmyMovement.A is a Trojan that deletes the original content of the files with the extension DOC, HTM, JPG, PPT, TIF, XLS and ZIP that it finds in the C: drive. Additionally, it sends an hoax written in Turkish to the affected user's contact list of Outlook.

It is designed to modify the message that is displayed when the computer is started to Format All Disks in order to frighten users. Due to the modifications it carries out, it could prevent the affected computer from being restarted.

ArmyMovement.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

ArmyMovement.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.