I-Worm.Brontok!

Date of appearance/update: 2011 January
Category: Worm, I-Worm
Virus database: v13.6.144.0


Incidence: Medium
More information:

This worm is written in Visual Basic and spreads via e-mail. It harvests e-mail addresses from files with the following extensions: HTM, HTML, DOC, EML, PHP, TXT

The worm's file uses a regular folder icon, so it is easy to mistake for a real folder.

It changes the settings under the following registry keys:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

It copies itself to several locations under various names, and also inserts random characters at the beginning or end of its file name.

It ensures it is run automatically by registering itself under the following keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]

It attaches itself to the infected e-mail under one of the following names: ccapps.exe, jangan dibuka.exe, kangen.exe, my heart.exe, myheart.exe, syslove.exe, untukmu.exe, winword.exe
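The following is an added triage example, not code from the virus database entry above. It scans the text produced by `reg export` (the `.reg` format) for the autorun keys listed in the persistence section and flags any value whose command line contains one of the attachment-name stems from the list above; because the worm pads its copies with random characters, matching is a case-insensitive substring test rather than an exact file-name comparison. It also lists every value found under the three policy/Explorer keys the entry says the worm modifies, for manual review. The embedded sample export, and all value names and paths in it, are constructed for illustration.

```python
"""Added triage example (not part of the original database entry): scan a
Windows registry export (.reg text) for the autorun keys and attachment names
listed in the Brontok description. All paths and value names in the sample
below are constructed for illustration."""
import re
from typing import Dict, List, Tuple

# Autorun keys named in the description, spelled out as `reg export` writes them.
AUTORUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot",
)

# Keys whose settings the worm changes; their values are reported for review.
POLICY_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer",
)

# File-name stems from the attachment list. The worm pads its copies with random
# characters, so matching is a case-insensitive substring test on the stem.
KNOWN_NAMES = ("ccapps", "jangan dibuka", "kangen", "my heart", "myheart",
               "syslove", "untukmu", "winword")

# Constructed sample of `reg export` output: one benign Run entry, three
# worm-style autoruns and one policy change. Value names and paths are hypothetical.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"SysUpdate"="\"C:\\Users\\alice\\AppData\\Local\\xkangen.exe\""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe \"C:\\Windows\\untukmu-7q.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SysUpdate]
@="\"C:\\Windows\\syslove.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

# .reg string data escapes backslash and double quote with a backslash.
_UNESCAPE = re.compile(r'\\(["\\])')


def parse_reg_export(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal .reg parser: {key: [(value_name, data), ...]}. Quoted string data
    is unescaped; other types (dword:, hex:) keep the raw text after '='."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        name, data = line.split("=", 1)
        name = "(Default)" if name == "@" else name.strip('"')
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _UNESCAPE.sub(r"\1", data[1:-1])
        entries[current].append((name, data))
    return entries


def _under(key: str, prefixes) -> bool:
    """True if key is one of the prefixes or a subkey of one (e.g. SafeBoot\\Minimal\\...)."""
    k = key.lower()
    return any(k == p.lower() or k.startswith(p.lower() + "\\") for p in prefixes)


def find_suspicious_autoruns(entries: Dict[str, List[Tuple[str, str]]]) -> List[dict]:
    """Autorun values whose data contains a known Brontok file-name stem. Treat hits
    as leads: 'winword' also matches a legitimate Microsoft Word path, so check
    where the flagged executable actually lives before acting on it."""
    hits = []
    for key, values in entries.items():
        if not _under(key, AUTORUN_KEYS):
            continue
        for name, data in values:
            matched = [n for n in KNOWN_NAMES if n in data.lower()]
            if matched:
                hits.append({"key": key, "value": name, "data": data, "matched": matched})
    return hits


def policy_values_for_review(entries: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, str, str]]:
    """Every value under the policy/Explorer keys the worm is documented to modify."""
    return [(key, name, data) for key, values in entries.items()
            if _under(key, POLICY_KEYS) for name, data in values]


if __name__ == "__main__":
    parsed = parse_reg_export(SAMPLE_REG)
    for h in find_suspicious_autoruns(parsed):
        print(f"AUTORUN {h['key']} :: {h['value']} = {h['data']}  (matched {h['matched']})")
    for key, name, data in policy_values_for_review(parsed):
        print(f"POLICY  {key} :: {name} = {data}")
```

On a live host, produce the input with `reg export HKLM\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and likewise for the other keys) and pass the file contents to `parse_reg_export`. The SafeBoot check matches subkeys on purpose: a registration there is what lets the worm start even in Safe Mode, which is why that key is worth reviewing alongside the ordinary Run entries.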