Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It deletes all of the files in every disk drive (both local and accessible network drives). It finds and eliminates antivirus program files. |
|Detection updated on:||Nov. 7, 2002|
Oror.H is a dangerous worm that deletes all of the files in the computer's hard disk as well as every network drive accesible from the infected machine. It also looks for antivirus program files in order to eliminate them.
Although Oror.H can spread very quickly through different means, it is more likely to spread by e-mail:
E-mail: the worm activates when the file attached to the message is opened or when the e-mail is viewed through Outlook's Preview pane. This is due to the fact that Oror.H takes advantage of the Exploit/iFrame vulnerability.
A file sharing application called KaZaa.
Oror.H is difficult to recognize because it is hidden in e-mail messages with variable characteristics. However, it is possible to recognize when it activates, as it displays a fake error message with the title Winzip Self-Extractor License Confirmation.
It is difficult to know if Oror.H has reached your computer, as the e-mail message that carries it has variable characteristics. However, this message includes any of the following files: [TNT]GEN.EXE, YAHOO TOOLBAR.EXE, IE_0276_SETUP.EXE, IGUANA1.0_SKIN.EXE, YAHOO!AUTUMN.EXE, BLONDES.EXE, IE50_032.EXE, IE_0274_BG.EXE, YAHOO!TOMCATS.EXE or YAHOO!CHESS.EXE.
The most evident symptom of infection that reveals the worm's presence on the system and activation is the fact that, once run, it displays the following fake error message on screen: