Malware type: Html

Aliases: Email-Worm.Win32.Aplore (Kaspersky), Worm/Aphex.1 (Avira), VBS/Aplore-A (Sophos),

In the wild: No

Destructive: No

Platform: Windows

Encrypted: No

Overall risk rating:


This nondestructive HTML file is a dropped component of WORM_APLORE.A. It opens as a page prompting the user to download and execute a browser plugin. This plugin is actually WORM_APLORE.A.

For additional information about this threat, see:

Description created: Jun. 3, 2002 5:32:23 AM GMT -0800
Description updated: Jun. 4, 2002 3:50:00 PM GMT -0800


Size of malware: 501 Bytes

Initial samples received on: Apr 8, 2002



This HTML file is a dropped component of WORM_APLORE.A. When opened, this HTML file is displayed as a page that prompts the user to download and execute the actual WORM_APLORE.A.

The page shows a fake warning message indicating that the browser needs a plugin:

html_psecure.a Browser Plugin Required Security Certificate by Verisign 2002 MD5: 9DD756AC-80E057FC-E00703A2-F801F2E3


Minimum scan engine version needed: 5.200

Pattern file needed: 1.259.00

Pattern release date: Apr 8, 2002

Important note: The "Minimum scan engine" refers to the earliest Trend Micro scan engine version guaranteed to detect this threat. However, Trend Micro strongly recommends that you update to the latest version in order to get comprehensive protection. Download the latest scan engine here.


Perform the clean instructions given for WORM_APLORE.A.

Scan your system with Trend Micro antivirus and delete all files detected as HTML_PSECURE.A. To do this Trend Micro customers must download the latest pattern file and scan their system. Other email users may use HouseCall, Trend Micro�s free online virus scanner.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.