W32.HLLW.Cydog@mm is a mass-mailing worm that spreads by email. This worm uses Microsoft Outlook to send itself to the contacts in the Outlook Address Book:
The email will have a random subject chosen from a predetermined selection.
The attachment will have a random file name chosen from a predetermined selection, with a file extension of .exe or .scr.
W32.HLLW.Cydog@mm also attempts to spread using the KaZaA, eDonkey2000, Bearshare, Grokster, and Morpheus file-sharing networks. The worm attempts to terminate the active processes of various antivirus programs and system utilities.
W32.HLLW.Cydog@mm also attempts to delete:
Program files that Norton AntiVirus products use
Files shared by various Symantec programs, including the virus definition files
W32.HLLW.Cydog@mm is a Visual Basic application that is packed with UPX 1.24.
Infection Length: 34,816 bytes
Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux