This is a virus-worm that spreads via the Internet attached to infected e-mail. The worm itself is a Windows PE EXE file about 30Kb in length (compressed by UPX, 76K decompressed), and it is written in Microsoft Visual C++. Infected messages appear as follows: The worm activates from infected e-mail only when a user double-clicks on the attached file. The worm then installs itself to the system and runs a spreading routine. While installing, the worm copies itself to: c:egctrl.exe - under Win9x/MEc:ecycledegctrl.exe - under WinNT/2K/XP