The following information was derived from information received from Kaspersky Labs and Sophos.

Virus Characteristics

This worm is received as a file attachment of the name "MeltingScreen.exe". When executed, the worm will e-mail itself to every entry in your Outlook address book.

The subject of the e-mail containing the worm is: "Fantastic Screensaver". The body of the e-mail is:

Hello my friend !

Attached is my newest and funniest Screensaver, I named it
MeltingScreen. Test it and tell me what you think.

Have a nice day my friend.

p.s.: Please install the Runtime Library for VB 5.0, before you
run the ScreenSaver.

Payload

Once it has e-mailed itself, it will attempt to rename all of the files ending with .EXE within the windows directory to .BIN. It will also produce the promised melting effect on the screen. Due to the enticing graphics, users may voluntarily share the worm with friends and co-workers.

The virus modifies the following key in the registry. If the key is present, the virus will not replicate itself.

Key: HKEY_CURRENT_USER\MeltingScreen\String
Value: MeltingScreen