Proland Software  Download Antivirus software now!

Home
Antivirus products
Download Antivirus Software
Order On-line
Support
Email
Protector Plus Antivirus Software for
Antivirus Software for Windows XP and 2000
Antivirus Software for Windows Vista
Antivirus Software for Windows Me and 98
Antivirus Software for Exchange
Antivirus Software for NetWare
Protector Plus Console
Buy Antivirus software now!


SpamChoke Antispam
Software

Subscribe to Virus Alert
Mailing List

Enter your Email
 (Ex : john@company.com)


Download Anti virus software

VBS/Numgame Worm

Blueball Information about the VBS/Numgame worm:

VBS/Numgame is an email worm. This worm will infect Windows systems. It spreads
using MS-Outlook.

The worm arrives with the following subject:

Are you (Recipients name) my valentine?

The body of the worm contains:

Hi (Recipients Name) my valentine, remember me? I ain't seen you in ages! Anyway, check-out
and play the attached guess-the-number-game to guess who I am. See you soon, bye-bye!

It carries an infected attachment GuessGame.html or GuessGame.vbe. Upon execution
of the attachment, it displays a message box with the following contents:

Guess Game instructions:
1. Save it on your computer Desktop or in My Documents, don't open as attachment else it won't load.
2. This game requires ActiveX technology, press Yes on the following dialog to play.

It creates a copy of itself into Windows system directory as GuessGame.bat, GuessGame.vbs and GuessGame.vbe. It modifies AUTOEXEC.BAT file on local and network drives to delete major system files and folders like Windows, System, Program files, Desktop, My Documents. The file extensions deleted by the worm includes .ini, .jpg, .mdb, .mp3, .ocx, .ppt, .sys, .txt, .com, .cpl, .dat, .dll, .doc, .drv, .exe, .hta, .htm, .html, .inf, .vxd, .xls, .asp, .aspx, .cab. The infected system's date is changed to 18th April 1981.

The worm makes necessary changes to registry to disable file system protection in Windows XP/2000 computers. To achieve this, it modifies registry at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop

It also deletes the following registry key.

HKEY_CURRENT_USER\Control Panel
HKEY_CURRENT_USER\InstallLocationsMRU
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Office
HKEY_CURRENT_USER\Software\Microsoft\Windows
HKEY_CURRENT_USER\Software\ODBC
HKEY_LOCAL_MACHINE\Enum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
HKEY_LOCAL_MACHINE\System

This worm first appeared on 14th February 2002.

Blueball Other names of VBS/Numgame worm:

This worm is also known as Numgame.A.


Click here to download a 30 day Evaluation Copy of
Protector Plus for your operating system

Blueball About Protector Plus Antivirus Software Packages:

Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

SpamChoke Antispam Software

New:
SpamChoke Antispam Software
Download Now!

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

Click here to order
Protector Plus Antivirus software 

 Buy Antivirus software now!


You can download the 30 day evaluation copy of the
antivirus software free of cost for these platforms:
Antivirus Software for Windows XP and 2000 Antivirus Software for Windows Me and 98 Antivirus Software for Exchange Antivirus Software for NetWare


HomeAntivirus productsDownload Antivirus SoftwareOrder On-lineEmail

Copyright © 2007 Proland Sofrware. All rights reserved.


Download Anti virus software