mrwood
join:2000-08-16
Wayne, NJ

mrwood to LoPhatPhuud

Member


Site did not produce results:

Submitted and website stated the following:
File has already been analysed:
But no info given and buttons were grayed out.

When I searched for dl.exe, I found the following.
What is it?
dl.exe is a file associated with the W32.Bagz@mm worm

What does it do?
W32.Bagz@mm is a mass-mailing worm that uses its own SMTP engine to send itself to email addresses gathered from the infected computer.

When W32.Bagz@mm is executed, it does the following:
Creates the following copy of itself:

%System%\tutorial.doc .exe

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Adds the value:

"syslogin.exe" = "syslogin.exe"

to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

so that the worm is executed every time Windows starts.
Creates the following files:
%System%\dl.exe
%System%\syslogin.exe
Disables the Windows firewall.
Downloads and executes remote files.
Installs its own network driver to bypass local firewalls.

Mark
mrwood
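A check for the indicators listed in the description quoted above, as an added example that is not part of the original post: it reads pasted `reg query` output for the Run key and a list of file names from the System folder. The function names and sample data are constructed for illustration, and the padded double-extension rule generalizes the `tutorial.doc .exe` name to any document-style name padded out before `.exe`.

```python
import re

# Indicators taken from the W32.Bagz@mm description quoted in the post.
RUN_VALUE = "syslogin.exe"
SYSTEM_FILES = {"dl.exe", "syslogin.exe"}
# Generalization (assumption): a document-looking name, whitespace, then ".exe".
PADDED_DOUBLE_EXT = re.compile(r"^.+\.\w{2,4}\s+\.exe$", re.IGNORECASE)
# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
REG_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample input, not taken from a real machine.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
    syslogin.exe    REG_SZ    syslogin.exe
"""
SAMPLE_FILES = ["notepad.exe", "DL.EXE", "syslogin.exe",
                "tutorial.doc      .exe", "kernel32.dll"]


def parse_run_values(reg_query_output):
    """Return {value name: data} for every value line in `reg query` text."""
    values = {}
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        if m:  # the key header and blank lines do not match
            values[m.group("name")] = m.group("data").strip()
    return values


def find_indicators(reg_query_output, system_dir_names):
    """Return (kind, item) findings for the Run value and the dropped files."""
    findings = []
    for name, data in parse_run_values(reg_query_output).items():
        if name.lower() == RUN_VALUE or data.strip('"').lower() == RUN_VALUE:
            findings.append(("run-key", name))
    for fname in system_dir_names:
        if fname.lower() in SYSTEM_FILES:  # Windows file names are case-insensitive
            findings.append(("file", fname))
        elif PADDED_DOUBLE_EXT.match(fname):
            findings.append(("padded-double-extension", fname))
    return findings


if __name__ == "__main__":
    for kind, item in find_indicators(SAMPLE_REG, SAMPLE_FILES):
        print(f"{kind}: {item!r}")
```

The inputs can be produced on the affected machine with `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `dir /b %SystemRoot%\System32`, then passed to `find_indicators` as text and a list of names.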

mrwood

Member

I decided to reinstall Windows.

Thanks for all your help. Wanted to let you know that I will be reinstalling Windows and won't need assistance anymore.

Thanks,

Mark