![]() In the folders: "WINDOWS", "WIN98", "WIN95", "WINNT", "WIN", "WINME", "WINXP" and if it finds such a folder tries to copy itself in network shares looking inthere for Windows folder by searching for "Win.ini" ![]() it appends to all "inetpub\\files a link to the The worm has a special payload on Wednesdays: Remains resident and hides its presence using RegisterServiceProcess function. variant copies itself as "wintask32.exe" and is 44,544 bytes long variant copies itself as "mstask32.exe" and is 45,568 bytes long The main differences between the two versions: The worm spreads via e-mail using it\'s own SMTP engine, and it can compose an Same as previous versions, this internet worm usually arrives via e-mail, but it can also spread "C:\WINDOWS\SYSTEM\wintask32.exe"] Instructies voor verwijdering: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\"Windows Task"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Task"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\" MicrosoftServiceManager"= File mstask32.exe in System folder ( variant) or wintask32.exe in System folder ( variant) WinNT\System32 on Windows NT based systems) ![]() File exeLoader.exe in System folder (Windows\system on Windows 9x based systems or
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |