
README
PROCESS INFORMATION
Process Name    : Readme.exe
Process Path    : %WINDOWS%\Readme.exe [ C:\Windows\Readme.exe ]
Process type    : Internet Worm
Malware Name    : W32.Apost@mm
Alias           : I-Worm.APost, W32/Apost@mm, W32/Apost-A, WORM_APOST.A, W32.urgent.worm@mm or Readme
Threat level    : Low
Process Details :
The Readme.exe process is the main component of the Apost worm, an Internet worm that uses Microsoft Outlook to spread. The worm is 24,576 bytes long and written in Visual Basic 6.0. It needs "MSVBVM60.dll" to spread; otherwise it shows a DLL-missing error. The attachment name will be "Readme.exe".
The W32.Apost@mm worm arrives as an e-mail attachment with the name "Readme.exe". The message subject will be "As per your request!", and the message body will be "Please find attached file for your review. I look forward to hear from you again very soon. Thank you".
When the e-mail attachment is opened, the worm copies "Readme.exe" to all mapped drives, including the C drive's root directory. It then changes the registry settings so that it loads every time the system is started. The registry modifications are given below.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"macrosoft"="C:\Windows\readme.exe"
The worm displays a dialog box with the title "Urgent" and a button named "Open". When the user clicks Open, the worm attempts to infect the system again and displays a false error message with the title "WinZip SelfExtractor: Warning" and the message "CRC error: 234#21". Finally, it opens the Microsoft Outlook address book and sends e-mail to all the e-mail IDs stored there.
Apost is also known as I-Worm.Readme, W32/Apost@mm, W32/Apost-A, TROJ_APOST.A, W32.urgent.worm@mm or Readme.

How can I protect my system?
Solo has incorporated detection for readme.exe in its signature file to protect users from this worm attack. Registered users of Solo antivirus are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this worm?
You can check the system manually. W32.Apost@mm creates the file "Readme.exe" in the Windows folder. The presence of this file indicates that you are infected with this worm.
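
The manual check above can be scripted. The following PowerShell is an added example, not part of the original write-up or of Solo Antivirus: it only reads the file and registry indicators listed on this page and changes nothing. It assumes it is run as the affected user, because the Run key is under HKEY_CURRENT_USER; the function name Test-ApostFile is hypothetical.

```powershell
# Read-only check for the W32.Apost@mm indicators described on this page.
$ExpectedSize = 24576     # worm size in bytes, as stated in the description
$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$RunName = 'macrosoft'    # Run value name the worm creates

function Test-ApostFile {   # hypothetical helper name
    param([string]$Path)
    # The name Readme.exe alone is weak evidence; a size match strengthens it.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item -or $item.PSIsContainer) { return $null }
    [pscustomobject]@{
        Indicator = 'File'
        Location  = $item.FullName
        Detail    = "$($item.Length) bytes"
        SizeMatch = ($item.Length -eq $ExpectedSize)
    }
}

$findings = @()

# 1. Copy in the Windows folder (%WINDOWS%\Readme.exe)
$findings += Test-ApostFile (Join-Path $env:windir 'Readme.exe')

# 2. Copies in the root of every drive visible to this session, mapped drives included
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $findings += Test-ApostFile (Join-Path $drive.Root 'Readme.exe')
}

# 3. Autostart value under the current user's Run key
$run = Get-ItemProperty -Path $RunKey -Name $RunName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Indicator = 'RunValue'
        Location  = "$RunKey\$RunName"
        Detail    = $run.$RunName   # data the value points to
        SizeMatch = $null
    }
}

# Drop the empty results returned for paths that do not exist
$findings = @($findings | Where-Object { $_ })
if ($findings.Count) {
    $findings | Format-Table -AutoSize
} else {
    'No W32.Apost@mm indicators found for this user.'
}
```

A Readme.exe whose size does not match 24,576 bytes may be an unrelated file; the Run value named "macrosoft" together with a size match is the stronger signal.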
If you are already infected with the readme process, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove W32.Apost@mm safely. Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
