Email-Worm.Win32.Warezov.ex
Other versions: .at, .bw, .do, .et, .gl, .iq, .jv, .jx, .la, .lb, .lg, .mo, .ms, .mx, .nd, .nf, .ns, .nv, .oa, .oi, .on, .op, .ov, .oz, .pb, .qa, .qy, .sk
Detection added: Nov 01 2006 02:51 GMT
Update released: Nov 01 2006 04:44 GMT
Description added: Jun 19 2007
Behavior: Email Worm
This Warezov variant is a component which is used by other variants of the
Warezov family. It is a Windows DLL file. The file is 9,216 bytes in size.
Installation
This malicious program will be installed on the victim machine by another
malicious program.
The worm stops and deletes the following services:
alunotify
nod32krn
drwebupw
piderml
wuauclt1
upgrader
mcupdate
NOD32krn
autodown
avgupsvc
sndsrvc
SNDSrvc
wuauclt
wupdmgr
avginet
aupdate
ndetect
luall
tbmon
wuauserv
kavsvc
lsetup
luinit
lucoms
kavsvc
kav
The program also checks the victim machine for the following file:
%System%\e1.dll
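If this file is present, the worm adds the path to its own file to the
following system registry value:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "<path to worm file> "
Windows loads the DLLs named in AppInit_DLLs into every process that loads
user32.dll, so this entry causes the worm's DLL to be loaded by those processes.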
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Delete the following registry key value:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs" = "<path to worm file> "
- Delete the original worm file (the location will depend on how
the program originally penetrated the victim machine).
- Update your antivirus databases and perform a full scan of the
computer (download a trial version of Kaspersky Anti-Virus).
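
A read-only check for the traces described above, added here as an example and not part of the original description. It assumes %System% means the Windows system directory; the SysWOW64 and Wow6432Node locations are an added assumption to cover a 32-bit DLL on 64-bit Windows, and the service names are copied from the list above.

```powershell
# Read-only audit for the traces this description lists. Nothing is modified.
# Assumption: %System% is the Windows system directory; SysWOW64 is also
# checked because a 32-bit program on 64-bit Windows is redirected there.
$sysDirs = [Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')

# Both registry views; the Wow6432Node key exists only on 64-bit Windows.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'

# Service names from the description (case-insensitive, duplicates removed).
$services = 'alunotify','nod32krn','drwebupw','piderml','wuauclt1','upgrader',
            'mcupdate','autodown','avgupsvc','sndsrvc','wuauclt','wupdmgr',
            'avginet','aupdate','ndetect','luall','tbmon','wuauserv','kavsvc',
            'lsetup','luinit','lucoms','kav'

# 1. Marker file the component looks for before registering itself.
foreach ($dir in $sysDirs) {
    $marker = Join-Path $dir 'e1.dll'
    Write-Output ('Marker {0} present: {1}' -f $marker, (Test-Path -LiteralPath $marker))
}

# 2. AppInit_DLLs entries (the value is a space- or comma-separated list).
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $value = (Get-ItemProperty -LiteralPath $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($value)) {
        Write-Output ('{0}: AppInit_DLLs is empty' -f $key)
        continue
    }
    foreach ($dll in ($value -split '[ ,]+' | Where-Object { $_ })) {
        $sig = 'not checked (relative or missing path)'
        if ([IO.Path]::IsPathRooted($dll) -and (Test-Path -LiteralPath $dll)) {
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        Write-Output ('{0}: entry "{1}", signature: {2}' -f $key, $dll, $sig)
    }
}

# 3. State of the services the worm stops and deletes.
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $state = if ($svc) { $svc.Status } else { 'not installed' }
    Write-Output ('Service {0}: {1}' -f $name, $state)
}
```

Most of these services belong to specific antivirus products and will be absent on machines that never had them installed, so a missing entry is only meaningful for software known to have been present.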