Worm.P2P.Harex.c
Description Worm.P2P.Harex.c
This is a peer-to-peer worm, also known as Exebat. The worm file is about 2 KB in size, packed with FSG. The unpacked file is 17 KB in size.
Installation
During installation the worm creates a folder named "sys32" in the Windows system folder and copies itself to this folder under one of the following filenames:
All Adobe Products Keygen.exe
All Macromedia Products Keygen.exe
All Microsoft Products Keygen.exe
BurnDvds.exe
Divx Pro 5.1 Serial.exe
Dvd Plus Crack.exe
Dvd Ripper.exe
Dvd To Vcd.exe
Dvd Wizard Pro Crack.exe
Dvd Xcopy Crack.exe
DvdCopyOne Crack.exe
DvdToVcd Crack.exe
Easy Dvd creator Crack.exe
Easy Dvd Ripper.exe
EZ Dvd Ripper.exe
Nero Burning Rom Crack.exe
Nimo Codec Pack Updater.exe
Xvid Codec Installer.exe
This folder is then registered in the Windows system registry as Local Content for Kazaa and iMesh file sharing systems:
[HKCUSoftwareKazaaLocalContent]
[HKCUSoftwareKazaaTransfer]
"dir0"="012345:%Windir%systemsys32"
[HKCUSoftwareiMeshClientLocalContent]
"dir0"="012345:%Windir%systemsys32"
Other As two previous Harex variants did, this worm downloads a file from the server cnet.0catch.com, saves it in the root folder of drive C: as autoexec.bat.Exe and executes it.
Check other viruses! Be aware! Use Antiviral Software
Microb.431
Description Microb.431
This is a very dangerous memory resident parasitic virus. It copies itself into Interrupt Vectors Table, hooks INT 21h, and writes itself to the end of .COM files that are accessed. On the 13th of any month, it erases the disk sectors, and displays the following message:
MICROB I
Microbi.312
Description Microbi.312
It is not a dangerous memory resident parasitic virus. It copies itself into Interrupt Vectors Table, hooks INT 21h and writes itself to the end of COM files that are executed. It displays/contains the text strings:
Microbi is here!
4991 uhcyzrK
|