Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||When it has been run over thirty times, it deletes all the files it finds on the affected computer.|
|First detected on:||May 29, 2003|
|Detection updated on:||March 17, 2005|
|Yes, using TruPrevent Technologies
Holar.H is a dangerous worm, as if it is run more than thirty times, it deletes all the files it finds on the affected computer.
Holar.H spreads rapidly via e-mail. It tries to gain the users' trust by using a false sender's address in the e-mail message it uses to spread its infection. The sender of the infected message is usually: Dispatch@McAfee.com.
By doing this, Holar.H tricks the user into thinking that the message has been sent by a computer security company and running the files attached to the message, thereby infecting the computer.
Every time the affected computer is started, Holar.H sends a copy of itself to all the contacts in the Windows Address Book.
Holar.H is also programmed to spread through KaZaA, a P2P (peer-to.peer) file sharing program.
Holar.H is easy to recognize when it spreads via e-mail, as the message carrying the worm always includes two attached files. One of these files will have a PIF extension.
For a list of the possible names of the file attached to the message, click here.
Furthermore, before deleting all the files it finds on the affected computer, it displays a series of message on screen. These messages are displayed one after the other, as the user clicks on the OK button that appears in each message.