Protect your system:  McAfee.com VirusScan Online 

Worm/Palyh.A is an Internet worm that spreads through e-mail by using addresses it collects in the files with the following extensions, .dbx, .eml, .htm, .html, .txt, and .wab.

The worm may arrive in via email in the following format:

From: support@microsoft.com
Subject: (it will contain one of the following)

- Your Password
- Screensaver
- Re: Movie
- Your details
- Approved (Ref: 38446-263)
- Re: Approved (Ref: 3394-65467)
- Cool screensaver
- Re: My details
- Re: My application
- Re: Movie

Attachment: (it will contain one of the following)

- movie28.pif
- application.pif
- ref-394755.pif
- approved.pif
- doc_details.pif
- your_details.pif
- screen_temp.pif
- screen_doc.pif
- password.pif

If executed, the worm copies itself in the \windows\ directory under the filename "mscon32.exe".

So that it gets run each time a user restart their computer the following registry key gets added:

- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"System Tray"="C:\\WINDOWS\\MSCON32.EXE"