Welcome to the Virus Encyclopedia of Panda Security.
It carries out damaging actions on the affected computer.
It does not spread automatically using its own means.
|First detected on:||Aug. 17, 2001|
|Detection updated on:||March 15, 2005|
W32/Chainsaw is a worm that can spread through the Internet, by connecting directly to different computer ports. This worm performs highly destructive actions on hard disk sectors.
The first time it is executed, W32/Chainsaw copies itself to the WINDOWS\SYSTEM directory under the name WINMINE.EXE. Then, it goes memory resident and waits for the user to connect to the Internet.
There is a 1 in 666 chance that the worm will trigger its payload. This could be equally triggered if the file has been modified. Once activated, the worm creates a file named BBQ666.COM in the WINDOWS\SYSTEM folder and executes it. This file is in fact a dangerous Trojan which overwrites some sectors in the two first hard drives with the following text:
"THE FILM WHICH YOU ARE ABOUT TO SEE IS AN ACCOUNT OF THE TRAGEDY WHICH BEFELL A GROUP OF FIVE YOUTHS. IN PARTICULAR SALLY HARDESTY AND HER INVALID BROTHER FRANKLIN. IT IS ALL THE MORE TRAGIC IN THAT THEY WERE YOUNG. BUT, HAD THEY LIVED VERY, VERY LONG LIVES, THEY COULD NOT HAVE EXPECTED NOR WOULD THEY HAVE WISHED TO SEE AS MUCH OF THE MAD AND MACABRE AS THEY WERE TO SEE THAT DAY. FOR THEM AN IDYLLIC SUMMER AFTERNOON DRIVE BECAME A NIGHTMARE. THE EVENTS OF THAT DAY WERE TO LEAD TO THE DISCOVERY OF ONE OF THE MOST BIZARRE CRIMES IN THE ANNALS OF AMERICAN HISTORY, THE TEXAS CHAIN SAW MASSACRE..."
If the worm is executed from the hard disk root directory, it deletes the CHAINSAW.EXE file and sends the following message to the alt.horror newsgroup:
Message: WHO WILL SURVIVE
AND WHAT WILL BE LEFT OF THEM?