Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » I-Worm.Netsky.ac {KAV}
Search Topic:
Uniqs:
122		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Password Vaults? »
« Please help....this is my hijack file..  
AuthorAll Replies


MapleLeaf
Premium
join:2001-09-04
Burnaby, BC

I-Worm.Netsky.ac {KAV}

I think it wasn't reported here, but if it was (I searched, honest ) - I am sorry for the dupe.

I-Worm.Netsky.ac
»www.viruslist.com/eng/viruslist.···=1413428

This worm spreads via the Internet as an attachment to infected messages, and via shared network resources. The worm itself is a Windows PE EXE file, 17920 bytes in size, packed using PE-Patch. The unpacked file is approximately 1.5MB in size. It is written in Microsoft Visual C.

The worm is only activated if the user launches the infected file by clicking twice on the attachment. The worm then installs itself to the system and starts propagating.

Mass mailing
The worm uses a direct connection to the SMTP-server to send messages.

Installation
When installing, the wom copies itself to the Windows directory under the name csrss.exe and registers this file in the system registry auto-run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BagleAV
thus attempting to disguise itself as an antivirus working against Bagle.

Other
The worm attempts to delete registry keys created by I-Worm.Bagle.y
--
I have a soft spot for Russian made software
to forum · permalink · · 2004-04-30 00:13:40 · Reply to this
Forums » Up and Running » Security » SecurityPassword Vaults? »
« Please help....this is my hijack file..  

Friday, 27-Nov 17:17:47 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [119] Time Warner Cable Fires Broadside At Broadcasters
· [109] New AT&T Ad Campaign Hits Back At Verizon
· [95] Apple Joins AT&T Verizon Snark Fest
· [87] New Bill Takes Aim At Higher Verizon ETFs
· [70] TiVo Sees Record Customer Losses
· [68] In-Flight Internet Headed For Bumpy Landing?
· [60] Thanksgiving Open Thread
· [53] Verizon CEO: Hulu Will Be Dead Soon
· [38] EFF Wages War On Fine Print
· [38] ICANN Slams DNS Redirection
Most people now reading
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Newegg Black Friday Sale started [Users Find Hot Deals]
· Windows 7 boot manager editing questions [Microsoft Help]
· Bell Response to PIPEDA Request [TekSavvy]
· [AZ] HSI dropping with new SURFboard 6120 [Cox HSI]
· HOW-TO: QoS and Tomato (fixes "choppy voice") [MagicJack]
· Port Forwarding Stopped Working. [Verizon Fiber Optics]
· [ Classes] Druid tanking: rotation and glyphs [World of Warcraft]
· Leveling to 85 [World of Warcraft]
· [ PVP] 3.2 DK PvP D/W Spec... [World of Warcraft]