Name : INETD.exe
Path : %WINDOWS%\INETD.exe
[ C:\Windows\INETD.exe ]
type : Internet
Name : I-Worm/Plage
Alias : W32.Plage.A@mm, ,
level : Low
is dropped by Plage worm. It is an e-mail worm, uses MAPI functions to
infect e-mail messages. The worm has an icon
similar to PKLITE self extracting program, very
similar to Win32/ExploreZip worm. The infection
method is also similar to ExploreZip worm but it
won't delete the data files in the system.
The infected attachment
name will be pics.exe, setup.exe, images.exe,
Card.EXE, joke.exe, billgt.exe, PsPGame.exe,
midsong.exe, news_doc.exe, s3msong.exe,
hamster.exe, docs.exe, tamagotxi.exe, humor.exe,
searchURL.exe or fun.exe.
When the infected file
from attach is executed, the worm gets control,
copies itself to the Windows directory with the
INETD.EXE name and registers itself in Windows
system as auto-run application: under Win9x the
worm creates the new "run=WinDir\INETD.EXE"
instruction in "windows" section in the
WIN.INI file (where "WinDir" is the
name of Windows directory); under WinNT the virus
creates a new "Run=INETD" instruction
in system registry.
hide its activity the worm displays the fake
and then the
Where "FileName" in both messages is
the name of infected EXE file that is being run.
While sending infected
messages the worm "answers" already
existing messages, so the header and message body
in infected messages may have different subjects
and bodies. It will send an email attachment
"INETD.EXE" with the content
"P2000 Mail auto-reply:
' I'll try to reply as soon as possible.
Take a look to the attachment and send me your
Get your FREE P2000 Mail now! <
If the worm starts on
Wednesday at 2:00am, it also tries to display
another Dialog box. This dialog is activated only
in case Borland class controls are installed, so
this dialog is not usual Windows installation.
The dialog contains an image of Adolf activated
under Hitler, and the texts:
Fight against the plage of inhumanity.
This is Plage 2000 coded by Bumblebee/29a.Plage
How can I protect my
Solo has incorporated INETD.EXE in its signature file to
protect users from this worm attack. Solo
antivirus registered users are already protected
from this worm. Make sure that you have installed
registered version of Solo Antivirus to protect
your system from all virus threats.
to remove this worm?
can be cleaned manually. To clean the virus in
Windows95 and 98, restart the machine in DOS mode.
Then delete "INETD.EXE" in the Windows
directory. Using the editor remove the entries
"Run=C:\windows\INETD.EXE" in "win.ini"
this worm in Windows NT, close all the programs
using Task Manager. Then delete "INETD.EXE"
in the WinNT directory. Plage worm will change
the registry to load automatically on every boot.
To remove this, open the registry using "regedit.exe"
and modify the key value from "run"="INETD" to empty
in the registry entry "HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\Current
you are already infected with INETD.EXE, you can
remove it from your computer using Solo Antivirus
software. Solo antivirus can detect and
remove W32.Plage@mm safely. Use the
following link to Download 30 day trial
version of Solo antivirus to remove
viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts, Trojans,
Backdoors, boot sector, partition table and macro
purchase Solo antivirus using the link