Pathhunt.1231
Description Pathhunt.1231
It is a dangerous non-memory-resident encrypted parasitic virus. It searches for .COM and .EXE files and writes itself to the end of each file. While infecting, the virus converts EXE files to COM format; it also renames the file being infected to 'PATHHUNT', infects it, and then renames it back to its original name. The virus corrupts .DBF files and contains the text: *.COM *.DBF *.EXE PATHHUNT PATH=
I-Worm.LoveLetter.b
Description I-Worm.LoveLetter.b
I-Worm.LoveLetter.b (see also I-Worm.LoveLetter) destroys all files with extensions INI and BAT instead of files with extensions JPG and JPEG. It sets another start page for Internet Explorer, and the message is different.
The letter's subject is: Mothers Day Order Confirmation
Message body: We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place.Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com
Attached file name: mothersday.vbs
I-Worm.Lovelorn.a
Description I-Worm.Lovelorn.a
Lovelorn spreads via the Internet as an email file attachment. The infected file is a Windows PE EXE file about 100KB in size, written in Borland C++. Infected emails have the following possible characteristics:
Subject: Re:baby!your friend send this file to you ! Message text: Read this file
Subject: HELP??- Message text: Helpall
Subject: Re:Get Password mail... Message text: Enjoy
Subject: There're some Passwords here Message text: Read File attach .
Subject: Re:Binladen_Sexy.jpg Message text: run File Attach to extract:BinladenSexy.jpg...
Subject: The Sexy story and 4 sexy picture of BINLADEN ! Message text: Enjoy! BINLADEN:SEXY..
Subject: Re:I Love You...OKE! Message text: Souvenir for you from file attach...
Subject: A Greeting-card for you . Message text: See the Greeting-card .
Subject: Re:Kiss you..^@^ Message text: Read file attach
Subject: Guide to ... Message text: I like Sexy with you.
Subject: Re:Baby! 2000USD,Win this game... Message text: Play the game from file attach
Subject: Help Message text: Help.
The name of the attached file is chosen arbitrarily and has the following extensions: .Kiss.ok.exe .HTM
The sender's return address is falsified.
Installation
When launched, the worm copies itself into the Windows system directory under the following names:
Explorer.exe Kernel32.exe Netdll.dll Serscg.dll
The Lovelorn worm then creates the files Setup.hrm, Bsbk.dll and Netsn.dll, all containing code in the MIME format. The worm then creates the file 'Findfast.exe' in the Startup folder. Next, the worm registers itself in the autorun key section of the system registry using the following entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run explorer=%System%\explorer.exe
Propagation via Email
The Lovelorn worm searches infected (victim) computers for files with the extensions '.dbx' and '.htm'. It then looks within these files for email addresses, which it records in the file 'Mssys.dll'. The addresses held in this file are later used as recipients of virus copies. To send out infected email messages, Lovelorn uses a built-in SMTP server.
Infected files
The worm is able to infect PE application files, copying itself into the file headers.
Propagation via diskette
Lovelorn copies itself to the A: drive under the name 'NQH_Kiss_you.exe'.
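The installation traces described above can be checked for on a suspect machine. The following is an added example, not code from the original page: it takes the values of the Run key and a listing of the system directory and flags the combination the description gives. The sample data, the system directory path and the verdict labels are constructed assumptions, as is the premise that the legitimate Explorer.exe lives in the Windows directory rather than the system directory.

```python
import ntpath

# Names the description lists as worm copies in the Windows system directory.
WORM_COPIES = {"explorer.exe", "kernel32.exe", "netdll.dll", "serscg.dll"}

def exe_path(command):
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" /", 1)[0]  # heuristic: arguments begin with " /"

def suspicious_run_values(run_values, system_dir):
    """Names of Run values that launch explorer.exe from the system directory."""
    sysdir = ntpath.normcase(ntpath.normpath(system_dir))
    hits = []
    for name, command in run_values.items():
        path = ntpath.normcase(ntpath.normpath(exe_path(command)))
        if ntpath.basename(path) == "explorer.exe" and ntpath.dirname(path) == sysdir:
            hits.append(name)
    return sorted(hits)

def dropped_copies(system_dir_listing):
    """Entries of a system-directory listing that match the worm's copy names."""
    return sorted(f for f in system_dir_listing if f.lower() in WORM_COPIES)

def triage(run_values, system_dir_listing, system_dir):
    """Combine both checks; a Run hit plus dropped copies is the strongest signal."""
    run_hits = suspicious_run_values(run_values, system_dir)
    files = dropped_copies(system_dir_listing)
    if run_hits and files:
        verdict = "likely Lovelorn"
    elif run_hits or files:
        verdict = "review"
    else:
        verdict = "no match"
    return {"run_values": run_hits, "files": files, "verdict": verdict}

# Constructed sample data (not taken from a real host).
SAMPLE_SYSTEM_DIR = r"C:\WINDOWS\SYSTEM"  # assumed location of %System%
SAMPLE_RUN = {"explorer": r"C:\WINDOWS\SYSTEM\explorer.exe", "SystemTray": "SysTray.Exe"}
SAMPLE_LISTING = ["KERNEL32.DLL", "Kernel32.exe", "Explorer.exe",
                  "Netdll.dll", "Serscg.dll", "USER32.DLL"]

if __name__ == "__main__":
    print(triage(SAMPLE_RUN, SAMPLE_LISTING, SAMPLE_SYSTEM_DIR))
```

Comparison is case-insensitive because Windows file names are, and the directory check keeps a Run value that points at Explorer.exe in the Windows directory from being flagged.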