Welcome to the Virus Encyclopedia of Panda Security.
It looks for antivirus program and firewall directories and deletes the files they contain. It looks for antivirus and firewall processes and ends them.
|First detected on:||Jan. 23, 2003|
|Detection updated on:||March 16, 2005|
|Yes, using TruPrevent Technologies
Oror.Q is a dangerous worm that looks for files corresponding to antivirus programs and firewalls in order to delete them. It also looks for processes corresponding to those security tools and ends them.
Oror.Q spreads across computers connected to a network drive, though it mainly spreads via e-mail.
When Oror.Q spreads via e-mail, it is automatically activated when the e-mail message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer, which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame.
It is important to highlight that Oror.Q only looks for files on the C: drive, therefore if the security tool is installed on other drive in the affected computer, it will not be deleted.
Oror.Q is difficult to recognize before it affects the computer, as the e-mail message carrying the worm has variable characteristics.
However, a clear indication that Oror.Q has affected a computer is the following error message displayed on screen: