Upon first execution, this worm displays a message box with these text strings:
Title: Fatal Error #6834
An unknown error has occurred at #000.1092.
Then, it copies itself in the Windows folder and then creates the following registry entry so that its copy executes at system startup:
It also modifies the system file, WIN.INI, to automatically execute during Windows startup. The modified [windows] section of WIN.INI appears as follows:
It also drops a MICROSOFT420.INI file in the Windows folder.
This worm uses AOL6 to send out copies of itself as an attachment in an email with the following details:
Subject: Fwd: This is some NASTY stuff! =)
Message Body: I have never seen something this nasty! You have to see it for yourself�
Stealing AOL Passwords
Aside from sending email, this worm steals AOL passwords and then sends these to its author at the email address, email@example.com.
This worm contains the following text strings:
SOFUNNY AOL PWS for version 4, 5, & 6. Now a Worm too! By Menace.