Worm.Win32.Zindos.a
Description Worm.Win32.Zindos.a
This worm spreads via the Internet using machines infected by I-Worm.Mydoom.m and penetrates victim machines via the backdoor installed by Mydoom.m
It is also programmed to conduct a DoS attack on www.microsoft.com.
The worm is approximately 5760 bytes in size and packed using UPX.
Installation
When launched, the worm copies itself under a random name to the system's temporary directory. It registers this file in the system registry, thus ensuring the worm file will be launched each time Windows is started.
[HKLMSoftwareMicrosoftWindowsCurrentVersionRun]
"Tray"=worm file name
The worm randomly generates an IP address and will attempt to connect to this address via TCP port 1034 (the port opened by Mydoom.m). If a connection is established, the worm will send itself to the victim machine.
DoS attack
The worm sends multiple URLDownloadToCacheFile requests to the Microsoft corporate site.
Check other viruses! Be aware! Use Antiviral Software
Gipro.504
Description Gipro.504
It's a harmless not memory resident parasitic virus. It searches for EXE-files and writes itself to their ends. It contains the internal text string:
-=_ G.I.Pro.V. _=-
Girl.2273
Description Girl.2273
It's a dangerous memory resident virus. It only infects the files pointed to by the 'COMSPEC=' string. The virus checks the file format for COM- or EXE-files infection. This virus contains the file name list and erases the files from this list:
users.bbsfiles.bbs
ly-girl.lzh srcr301.arj wolf-1.arj arwlf.lzh arj205.exe
After infection the virus types "Runtime error 213 at 2BA7:0387." and hangs up the computer.
|