Article ID: 234937 - View products that this article applies to.
This article was previously published under Q234937
This article has been archived. It is offered "as is" and will no longer be updated.
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/256986/EN-US/ )Description of the Microsoft Windows Registry
Worm.Explore.Zip is a worm or Trojan horse that uses Messaging Application Program Interface (MAPI) capable e-mail programs on Windows-based computers to propagate itself.
The worm uses MAPI commands to propagate itself. An e-mail message is created with the worm as an attachment using the Zipped_files.exe filename. The body of the e-mail message may appear to come from a known e-mail correspondent and may contain the following text:
Hi Recipient Name !The worm determines who to send mail to and what names to use based on the contents of the user's Inbox. You should delete any mail containing an attachment with the name "Zipped_files.exe" without opening the attachment.
I received your email and I shall send you a reply ASAP.
Till then, take a look at the attached zipped docs.
If you run the attachment, you may receive the following error message:
Explore.Zip copies itself to the C:\%SystemRoot%\System folder with the filename Explore.exe and then modifies the Win.ini file to run itself each time Windows is started. The worm then uses your e-mail client to collect e-mail addresses to propagate itself.
Cannot open file: it does not appear to be a valid archive. If this file is part of a ZIP format backup set, insert the last disk of the backup set and try again. Please press F1 for help.
Additionally, Explore.Zip also searches all local and network mapped drives of your computer and arbitrarily selects a series of files to destroy by setting the file size to 0 bytes. This can result in data loss.
Normal methods of virus protection should be employed to protect your environment from this virus. Virus scanning programs should be updated with the latest signature files and any other appropriate steps to prevent the virus from entering your environment should be employed. Specific questions regarding your virus software's ability to detect and clean this virus should be directed to your Anti-Virus software vendor. To remove the worm virus on the client side, perform the following steps:
For Windows 95 or Windows 98
For Windows NT
Outlook Attachment Security PatchFor additional information about Outlook and security for e-mail attachments, please see the following article in the Microsoft Knowledge Base:
235309The following sites contain additional information on the ExploreZip worm:
(http://support.microsoft.com/kb/235309/EN-US/ )Outlook E-mail Attachment Security Update
Network Associates, Inc.: http://www.nai.com/
Trend Micro: http://us.trendmicro.com/us/home/
Article ID: 234937 - Last Review: November 1, 2013 - Revision: 7.0