Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It modifies a web page hosted by affected servers. It spreads via e-mail, IRC chat and IIS Web servers.|
|Detection updated on:||Nov. 13, 2002|
|Yes, using TruPrevent Technologies
Gokar.A is a worm uses the following means of transmission to spread to other computers:
E-mail messages with variable characteristics, to which the worm is attached.
Automatically sending the file KAREN.EXE via IRC chat .
Voluntarily downloading the file WEB.EXE from a Web page hosted by affected IIS Web servers.
Gokar.A is considered dangerous, as it modifies web pages hosted by affected IIS Web servers. The objective of this is to get users who visit the web page to download the worm (WEB.EXE).
It is difficult to recognize the e-mail message that carries Gokar.A at first sight, as its characteristics vary on each occasion:
However, it is easier to identify Gokar.A when it spreads through the following means:
- Affected Web IIS servers: the virus hides in a file called WEB.EXE, which users may download from a web page with the text We Are Forever.
- Chat: Gokar.A hides inside a file called KAREN.EXE.