Worm.P2P.Lolol.a
Description Worm.P2P.Lolol.a
Lolol is a worm virus spreading via the Kazaa file sharing network.
The worm has a powerful backdoor routine which connects to an IRC channel where it accepts commands from its "master" (person controlling the worm).
The worm itself is a Windows PE EXE file about 60KB in length and written in Microsoft Visual C++.
When the infected file is run an installation routine.
Installation
While installing the worm copies itself to the Windows system directory under the name "syscfg32.exe" and registers this file in two system registry auto-run keys:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Configuration Loader = syscfg32.exe
HKLMSoftwareMicrosoftWindowsCurrentVersionRunServices
Configuration Loader = syscfg32.exe
Spreading
The "Lolol" worm copies itself to the following directories:
C:program fileskazaamy shared folder C:program fileskazaa litemy shared folder
C:My Downloads
Following are names "Lolol" copies itself under:
play station emulator crack.exe
play station emulator.exe
warcraft 3 serials.pif
warcraft 3 crack.exe
100 free essays school.pif
aol password cracker.exe
aim password cracker
aol cracker.exe
aim cracker.exe
steal usernames.exe
how to hack.exe
divx pro.exe
how to use a shell.pif
Virtua Girl (Full).exe
worldbook.exe
GTA 3 Serial.exe
GTA 3 Crack.exe
gta3.exe
driver.exe
virtua girl - adriana.pif
virtua girl - bailey short skirt.pif
alle.t.c. (there is a total of about 80 different names).
Check other viruses! Be aware! Use Antiviral Software
Suleiman.692
Description Suleiman.692
It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed, opened or renamed. The virus does not infect the TBAV and SCAN anti-virus programs. It does not manifest itself in any way, it contains the text strings:
This is SULEIMAN's Return written by BLACK JACK!
I'm big, I'm bad, I'm not bled!
Sundevil.690
Description Sundevil.690
This is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM files that are accessed. It copies itself to the end of DOS memory and do not fix the MCB list, that may halt the system. On May, 8th it erases the boot sector of the current drive and displays the message:
There is no America.
There is no Democracy.
There is only IBM, ITT, and AT&T.
This virus is dedicated to all that have been busted
for computer hacking activities.
The SunDevil Virus (C)1993 by Crypt Keeper
[SUNDEVIL]
|