Imav is a worm that spreads through ICQ instant messages containing links to copies of the worm. Once the user follows such a link, Imav displays an image and installs itself to the system. The worm disables essential services of installed antiviruses, firewalls and other security-related software, corrupts such software installations and deletes related files. Imav lowers security settings by preventing installed antiviruses from running on system startup.
im_1.exeim_2.exe _dwn.exe__dwn_sp.exe~[X].exe
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunim_autornHKEY_CURRENT_USERSOFTWAREMicrosoftIMEFirstRun=1