Virus Center


Subject: F-Secure Virus Descriptions

Name: Fizzer

Aliases: W32/Fizzer@MM, W32/Fizzer.A, Sparky

Type:

Date: 11 May 2003

THIS VIRUS IS RANKED AS LEVEL 1 ALERT UNDER F-SECURE RADAR. For more information, see: http://www.F-Secure.com/products/radar/

F-Secure is upgrading the Fizzer worm to Level 1 as this complex e-mail/p2p worm continues to spread rapidly. It is currently one of the most widespread viruses in the world.
Fizzer is a complex e-mail worm that appeared on May 8, 2003.

The worm can spread itself in e-mails and in the Kazaa P2P (peer-to-peer) file-sharing network. The Fizzer worm contains a built-in IRC backdoor, a DoS (Denial of Service) attack tool, a data-stealing Trojan (uses external keylogger DLL), an HTTP server and other components.

The worm has the functionality to kill the tasks of certain anti-virus programs. Additionally, the worm has automatic updating capabilities.
The Fizzer worm spreads in e-mails as an attachment with .EXE, .PIF, .SCR and .COM extensions.

The worm randomly selects attachment names and message subjects and bodies from its internal lists. It collects e-mail addresses from Windows and Outlook Address Books on an infected computer and from different files on a hard disk.

Spreading in e-mails

The Fizzer worm collects e-mail addresses from Windows and Outlook Address Books on an infected computer and from different files in personal folders, cookie folders, the recently opened files folder and Internet cache directories. The worm sends itself in e-mail messages to all the addresses it finds.

The worm randomly selects subjects, bodies and attachment names from its large internal lists. The worm can use the names of innocent files from an infected system's hard disk for its attachment. Attachment extensions can be either .EXE, .PIF, .SCR or .COM. The worm fakes the sender's e-mail address.
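A mail-gateway check for the attachment extensions listed above, as an added Python example that is not part of the F-Secure description. The function names and the sample message are constructed for illustration; because the worm randomizes names, subjects and bodies, the extension is the only field from this description the check matches on.

```python
"""Flag e-mail attachments carrying the extensions Fizzer uses (.EXE, .PIF, .SCR, .COM)."""
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions taken from the description above; compared case-insensitively.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".com"}


def effective_extension(filename):
    """Return the extension Windows would act on for this attachment name."""
    # Win32 strips trailing dots and spaces when a file is saved,
    # so "a.scr. " lands on disk as a.scr.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(" .")
    # splitext looks only at the last dot, so "Budget.xls.PIF" yields ".pif".
    return os.path.splitext(name)[1].lower()


def blocked_attachments(raw_message):
    """Return the file names of all MIME parts that have a blocked extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() also visits parts nested inside forwarded or multipart messages.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample():
    """Constructed sample message (not a captured Fizzer e-mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed test message"
    msg.set_content("See attachment.")
    for name in ("notes.txt", "Budget.xls.PIF", "photo.jpg", "setup.scr."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("blocked:", name)
```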

Manual disinfection instructions

To get rid of the worm, it is enough to delete its files from the Windows main directory and from the Kazaa shared folders. Please download and execute the following Registry patch: ftp://ftp.europe.f-secure.com/anti-virus/tools/fix_fizz.reg

After applying the patch, restart your system. After the restart you can delete the following files from your Windows main directory manually:

ISERVC.DLL
PROGOP.EXE
ISERVC.EXE
INITBAK.DAT

If you are using F-Secure Anti-Virus, please scan all your hard disks after restarting your computer. FSAV version 5.40 and later will rename all the files of the Fizzer worm automatically. If you have FSAV 5.31 or an earlier version, please select "Rename" as the disinfection action.

Prevention

While the virus could be a security threat for infected companies and home users, it hasn't yet spread very widely.

Removal

Disinfection tool

F-Secure provides a special disinfection tool for the Fizzer worm. The tool can be downloaded freely from our ftp site:

ftp://ftp.europe.f-secure.com/anti-virus/tools/f-fizzer.zip

Disinfection instructions can be found here:

ftp://ftp.europe.f-secure.com/anti-virus/tools/f-fizzer.txt

http://www.europe.f-secure.com/v-descs/fizzer.shtml



