January 10th, 2003, 11:21 PM     #2
sharder8
Not an OWO yet, just OLD!
 
Join Date: Oct 2001
Location: Uh, Central Oregon
Posts: 5,720
Per Trend (Solution can be found here as well!)
Quote:
This destructive, memory-resident worm, a member of the OPASERV family of worms, propagates via shared network drives. Its destructive payloads are executed when the system date is between December 24 and 31 or when the year is greater than 2002.

This worm deletes files, overwrites the boot sector and destroys the CMOS, a critical system element which holds hardware configuration and initialization settings. These payloads leave infected systems practically unusable.

It also modifies the registry and the configuration file, WIN.INI, so that it automatically executes at every Windows startup. It utilizes a known exploit that enables malicious users to access shared drives, as discussed in a security bulletin from Microsoft.

This worm runs on all Windows platforms.

Trend Micro antivirus detects this malware as TROJ_WINKILL.A with the pattern file, 413.

Harder

Last edited by sharder8 : January 10th, 2003 at 11:26 PM.
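
The quoted description says the worm edits WIN.INI so that it runs at every Windows startup. The following is an added example, not part of the post or of Trend Micro's write-up: a check that lists every program named on a run= or load= line in the [windows] section of a WIN.INI file. The sample file content and program names are constructed placeholders, and the function names are hypothetical.

```python
import re

AUTOSTART_KEYS = {"run", "load"}  # [windows] keys that Windows launches at startup

def winini_autostart_entries(text):
    """Return [(key, program), ...] for every program named on a run=/load=
    line in the [windows] section of WIN.INI content."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()  # section names are case-insensitive
            continue
        if section != "windows" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # Several programs may be listed, separated by spaces or commas.
        # Assumption: paths contain no spaces (8.3 names); a path with spaces
        # would be reported as several tokens and still surface for review.
        for program in re.split(r"[,\s]+", value.strip()):
            if program:
                entries.append((key, program))
    return entries

def unexpected_entries(text, allowlist=()):
    """Drop entries whose path matches the allowlist (case-insensitive)."""
    allowed = {a.lower() for a in allowlist}
    return [(k, p) for k, p in winini_autostart_entries(text) if p.lower() not in allowed]

# Constructed sample; the program names are placeholders, not taken from the advisory.
SAMPLE_WIN_INI = """\
; for 16-bit app support
[fonts]
[Windows]
load=
RUN = C:\\WINDOWS\\EXAMPLE1.EXE  c:\\tools\\known.exe
NullPort=None
[Desktop]
run=ignored.exe
"""

if __name__ == "__main__":
    for key, program in unexpected_entries(SAMPLE_WIN_INI, [r"c:\tools\known.exe"]):
        print(f"review WIN.INI {key}= entry: {program}")
```

On a clean system both keys are normally empty, so any entry that is not on the allowlist is worth reviewing alongside the registry autostart locations the description also mentions.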