Fvprotect.exe
What is it?
WORM_NETSKY.P
-
FVPROTECT.EXE
What does it do?
This NETSKY variant propagates via email using its own Simple Mail Transfer Protocol (SMTP) engine.
It exploits a known vulnerability affecting Internet Explorer involving incorrect MIME Header (MS01-020), which allows the automatic execution of email attachments while an email is read or previewed. More information on this vulnerability is available at:
The email that it sends out has varying subjects, message bodies, and attachment file names. It gathers email addresses from files with certain extension names.
It also attempts to propagate via network shares by dropping copies of itself on certain folders found in the affected system.
It deletes several autorun registry entries in an attempt to prevent the automatic execution of BAGLE, NACHI, MYDOOM and DEADHAT worms. It also deletes certain registry keys.
Removal:
Trend Micro has the full dirt ( HERE )