Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It deletes the content of all the directories on the computer, except for those belonging to programs that are active.
MS-DOS; Windows XP/2000/NT/ME/98/95
|First detected on:||Nov. 25, 2002|
|Detection updated on:||Nov. 25, 2002|
HTML.Winevar is a dangerous worm, as it deletes the content of the directories on the affected computer, except for those belonging to active programs. In addition it drops another virus called Funlove.4099.Dr in the affected computer.
HTML.Winevar reaches computer hidden in an e-mail message with three attachments: WINXXX.TXT, WINXXX.GIF and WINXXX.PIF.
HTML.Winevar exploits an Internet Explorer vulnerability, which allows the computer to be infected when the message carrying the worm is viewed through Outlook’s Preview Pane, without needing to run the attachment. The code used by Winevar to carry out this action is detected by Panda Security as Exploit/Iframe.
A clear indication that HTML.Winevar has infected a computer is that the message below is displayed when the affected computer is restarted:
This window will probably appear several times.
If the user clicks OK, HTML.Winevar start deleting the content of the directories on the affected computer, except for those corresponding to the programs that are active at the time.