Virus Database

Worm.P2P.Sddrop.a

Description Worm.P2P.Sddrop.a

This worm spreads via the KaZaA and iMesh filesharing networks. It drops and runs Backdoor.Sdbot.gen. The worm is compressed using ASPack and is approximately 25Kb in size.
Installation
On execution, the worm copies itself to %System%Xms32.exe. It extracts the file Backdoor.Sdbot.gen and drops it to %System%Xms32.tmp.exe. The worm then creates the folder %Windir%sCache32 and copies itself to this folder under the following file names:


2 Find MP3 8.2.0.exe
AC3-MP3 converter.exe
ACDSee 5.5b.exe
ACDSee Classic 2.79.exe
Ad-aware 6.5 (new)Download Accelerator Plus 6.3.exe
Adobe Acrobat Reader 5.6.exe
Adobe PhotoShop 7.1 crack.exe
All Editor 3.0b.exe
AOL Instant Messenger 6.1.exe
Auction Sentry (new).exe
AudioLabel CD Labeler 3.0 (+crack).exe
Battlefied1942 Pack4 (crack+bloodpatch).exe
BearShare 5.1.1.exe
C&C Generals Pack2 (new patch).exe
Complete UK Music Database 4.2.exe
DirectDVD 4.9.exe
DivX Bundle 6.2.exe
DivX edit (new).exe
DivX Video Bundle 5.5.1.exe
DvD Rip guide (+tools) st0rm.exe
Dynamite Downloads.exe
Easy CD Creator Software Update.exe
FlashFXP (keygen).exe
FreeRip 4.30.exe
Genie Stream 3.2.4.exe
GetRight 5.5 + crack.exe
Global DiVX Player 2.0.1.exe
Gothic 2 (m-patch).exe
Grokster 2.0.exe
Hacker Tutorial (by ph3Akz).exe
Half-Life keygen (+ogc hack).exe
HL keys (working).exe
I.G.I. 2 (new crack).exe
ICQ Lite beta (b2253).exe
ICQ Pro 2003a beta (b4600).exe
iMesh 4.1 beta.exe
iSnipeIt 5.0c.exe
James Bond 007 Nightfire crack.exe
Kazaa Media Desktop 2.5.exe
Kazaa Skins 1.8.exe
KaZooM MP3 Kazaa Accelerator 2.5.exe
Medal Of Honor (Allied Assault) crack.exe
Microangelo 6.0b.exe
mIRC 6.x addon patch.exe
mIRC s3th war-script.exe
Morpheus 2.6.exe
MP3 cut pro 3.0.exe
MSN Messenger 5.5.10.exe
Need for Speed 6 (new cars + crack).exe
NeoNapster 3.92.exe
Nero Burning ROM 5.8.2.4.exe
Network Cable + ADSL Speed 2.0 (beta).exe
New Nvidia (geForce) drivers (beta).exe
Nimo Codec Pack 9.0 (stable).exe
Nvidia Detonator XP Drivers (Windows XP/2000).exe
Operation Flashpoint (bloopatch).exe
Patch Creator 3.5a.exe
PhotoShow 3.1.exe
Pop-Up Stopper 4.0 (beta).exe
Ps2 to Pc tutorial (+tool).exe
QuickTime 7.2 (new).exe
Raven Shield 5.32 crack.exe
RealJukebox Basic 2.8.exe
RealOne Free Player 2.8.exe
RemoteSpy 1.5.exe
Sim City 4 crack.exe
Splinter Cell crack.exe
TitJiggle (flash game).exe
Trillian 0.8 + plugins.exe
UniversalFlood (4.8b).exe
Unreal2 (2.8) crack.exe
UT2003 multi-crack (new).exe
Warcraft3 battle.net(2.5) crack.exe
Window Washer 4.8.exe
WinMX 3.5.1.exe
WinRAR 3.8.exe
WinZip 8.3b (crack).exe
WinZip 9.0 SR-1.exe
Wippit 2.1 (beta).exe
WS_FTP LE 6.0.exe
XViD bundle (codec+tutorial).exe
The worm registers itself in the system registry auto-run key:
HKCUSoftwareKazaaLocalContent
HKCUSoftwareiMeshClientLocalContent
"Dir? 012345:"="%Windir%sCache32"
"DisableSharing"="0"
so that other KaZaA or iMesh users can download files from the %Windir%sCache32 folder.

Check other viruses! Be aware! Use Antiviral Software

Macro.Excel.Dado.a

Description Macro.Excel.Dado.a

This is an Italian macro-virus infecting Excel sheets. It contains five macros in one module "conciente": auto_abrir, auto_cerrar, infectar, vv1, and contamina.
The virus infects a system by creating an infected PERSONAL.XLM file in the Excel startup directory. To infect other sheets, the virus hooks their activation procedure. Upon closing a file, the virus saves it without any alert messages.
The virus was named after the comment present in the virus macros:
Dado Error IrA terminar

On Fridays at 16:30, the virus displays the MessageBox:
ííí GRACIAS A DIOS ES VIERNES !!!
FAVOR DE APAGAR SU COMPUTADOR Y QUE TENGA UN BUEN FIN DE SEMANA

Macro.Excel.Delta.a

Description Macro.Excel.Delta.a

This is an Excel macro virus. It contains one module Delta that contains 28 macros: API, Auto_Close, Auto_Open, bt_1, bt_2, Chk1, Chk2, Dstr, Ghst, Hdn, Hlt, Icn_1, Icn_3, ins, Ky, mcr, mcr1, mcr2, min, Prt, tgu, Trl, Thc1, Tim, Thc2, txt, xl4, Waw.
On opening an infected file the Auto_Open macro is executed. This macro to install the virus on computer runs macros: Tim, Icn_1, Icn_3, Chk1, Chk2, Dstr, mcr, xl4, Hdn.
Tim - sets macro Hlt on timer (is executed every 20 minutes)
Icn_1 - sets macro bt_1 on entering the File/New menu
Icn_3 - sets macro bt_2 on entering the File/Close menu
Chk1 - creates the infected file C:MSOFFICEEXCELXLSTARTEXCELVBA.XLA
Chk2 - copies the current file to EXCELVBA.XLA
Dstr - on January 5 it erases C:WINDOWSSYSTEM*.*, A:*.*, B:*.* and
displays the InputBox:
Delta Viruses
This Is The Example Of My Viruses ! You Can Modified, Added in
Order to be a Good Hacker ! Please Type My Virus Name to Continued
or I'll Destroy Your Computer ! < By Bui'95 >
If virus name is entered not correct, the virus displays the MessageBox
and shutdowns Word:
Sorry ..!, My Virus Name is Delta
mcr - erases the menu that contains the "Macro" substring
xl4 - sets new user name: "Delta Viruses (c)1995 Ver 1.20"

The virus also creates the C:MSOFFICEEXCELLIBRARYEXCELVBS.TXT file, writes its code to there and uses it on infecting.

Home