FANDOM


Email-Worm.Win32.Pikachu or Pikachu is a worm that spreads through email, this was the first worm that aims teenage users, and it is written in Visual Basic 6.0.

BehaviorEdit

It was sent in the form of an email, and named after the character existing in the Pokémon franchise. This worm spreads via the Internet using Microsoft Outlook and spreads in E-Mail letters with the attached file "PikachuPokemon.exe". The icon is a crudely drawn Pikachu. The worm itself is a Win32 PE executable file, and the file size is about 32 KB.

When the worm runs, first of all it overwrites the original C:\AUTOEXEC.BAT file with instructions that will delete all files in the Windows and Windows system directory. It displays a picture of Pikachu and some text:

Between millions of people
around the world I found you.
Don't forget to remember this day
every time MY FRIEND!

Visit us at http://www.pikachu.com

It searches the address book of Microsoft Outlook and creates letters for e-mail addresses in the Outbox folder.

Pikachu Virus Icon

The icon

Subject:
Pikachu Pokemon.

Text:
Great Friend!

Pikachu from Pokemon Theme have some friendly
words to say.
Visit Pikachu at http://www.pikachu.com

See you.

And to each letter, the worm attaches itself as the file PikachuPokemon.exe.

The worm was sent to everyone in that person's address book and it would add the following lines to AUTOEXEC.BAT, which is located in the root directory of the drive Windows 95/98/ME was installed on. (i.e. C:\autoexec.bat). These lines were as follows:

@echo off
del C:\WINDOWS\*.*
del C:\WINDOWS\SYSTEM\*.*

PayloadEdit

Its payload is delivered after resetting the computer. According to the batch file overwritten by the worm, it attempts to delete all the files in C:\WINDOWS and also its subdirectory SYSTEM, however the system will prompt for this action, making the user to notice that some files have been modified maliciously. This also fails if the Windows directory is not in C:\WINDOWS.

TriviaEdit

The website featured (http://www.pikachu.com/) just redirects to Pikachu's entry on the Pokémon Pokédex site.

Other detailsEdit

A user could also tell that it was unofficial due to the lack of proper grammar.

Did you know?Edit

File deletion command is always prompted on issuing in Windows GUI, but not in command line, however the system will prompt when the user attempts to delete all files in any type in a certain directory, this is a security measure. Here are some examples of file deletion in command line mode.

Execute without prompt:

C:\MYFOLDER>del myfile.doc
C:\MYFOLDER>del myfile.*
C:\MYFOLDER>del *.doc

Prompt before execution:

C:\MYFOLDER>del *.*

However in the DOS version of command line, including Windows 9x systems, there is no method to bypass this.

VideosEdit

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.