I have just found this on FOUR computers on my Network!

WORM_REDIST.E is a non-destructive worm that spreads via email using Microsoft Outlook, and via peer-to-peer (P2P) file-sharing networks. It also has password-stealing capabilities. It runs on Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this worm displays the following message box:

Error Starting Progam
A required .DLL file, MSVBM60.DLL, was not found.

It drops the following copies of itself into the Windows folder:

It drops the following copies of itself into the Windows system folder:

It drops the following copy into the Startup folder:

The worm creates registry entries that allow its dropped copy, WINSCZ32.EXE, to execute at every Windows startup.

This worm propagates by sending a copy of itself to all email addresses found in the infected users' address book. It uses Microsoft Outlook (MAPI) to send email with varying details. A sample of the email it sends, are as follows:

Subject: A new screensaver
Message Body: Take a look at this new screensaver in the attachments that I downloaded from the internet a while ago. If you like it, try setting it as your system screensaver Cya!
Attachment: 3DFish.scr

Subject: Your file
Message Body: Here is that file that you asked for (in the attachments). Sorry that I sent it late, I had trouble finding it on the computer.
Attachment: Picture2.pif

This worm also attempts to propagate to other P2P and chat clients. To do so, it drops the following copies of itself:

Bruce Almighty (Downloader).pif
Legally Blonde 2 (Downloader).pif
Movie - Finding Nemo (Downloader).pif
Movie - Terminator 3 (Downloader).pif
Movie - The Hulk (Downloader).pif
Movie - The Italian Job (Downloader).pif
Sinbad - Legend of the Seven Seas (Downloader).pif
into the following paths, if they exist:

%Program Files%\BearShare\Shared
%Program Files%\Grokster\My Grokster
%Program Files%\ICQ\Shared Files
%Program Files%\Kazaa Lite\My Shared Folder
%Program Files%\Kazaa\My Shared Folder
%Program Files%\KMD\My Shared Folder
%Program Files%\Limewire\Shared
%Program Files%\Morpheus\My Shared Folder
%Program Files%\Overnet\Incoming
%Program Files%\Rapigator\Share
%Program Files%\Shareaza\Downloads
%Program Files%\Tesla\Files
%Program Files%\WinMX\My Shared Folder
%Program Files%\XoloX\Downloads
This worm also drops randomly named files into the following paths:

\My Music
\My Documents\My Music
This worm also attempts to capture and send cached passwords to a remote malicious user. This function only applies on systems running Windows 95 and 98, since the API used is not available on NT-based systems. It appears that the information is being sent to the following email address:

I got this info from Trend Macro.