Saturday, November 17, 2007

Virus encyclopedia

Displaying Results for threat BackDoor.Generic3.GBB!CME-762

This worm spreads over the internet by exploiting the MS Windows Server Service vulnerability described in MS Security Bulletin MS06-040.
Installation:
When the worm is launched, it copies itself as wgavm.exe to the Windows System Directory and registers itself as a service named Windows Genuine Advantage Validation Monitor, with automatic startup type, in the HKLM\SYSTEM\ControlSet001\Services\wgavm key in the Windows Registry.
The worm also changes the value of the "EnableDCOM" entry to "n" in the HKLM\software\microsoft\ole key in the Windows Registry, which disables the DCOM protocol.
On WinXP and Win2003 Server, the worm changes the automatic startup type of the Windows Firewall/Internet Connection Sharing (ICS) service in the HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess key to manual startup, which disables Windows Firewall.
Spreading: internet
The worm stores its copies in shared folders, searches IP addresses and, when it finds a vulnerable computer, uses the exploit to download and launch a copy of itself.

Virus Encyclopedia

Displaying Results for threat Win32/Mabezat.A

Names, aliases:
Win32/Mabezat.B (eTrust-Vet), Worm.Win32.Mabezat.b (F-Secure), Worm.Win32.Mabezat.b (Ikarus), Worm.Win32.Mabezat.b (Kaspersky), W32/Mabezat.a (McAfee), Win32/Mabezat.A (NOD32v2), Win32.Malware.gen!92 (Webwasher-Gateway)
Behavior:
Polymorphic parasitic infector of executable files that uses removable media and shared folders on the LAN to propagate itself.
Description:
Once executed, the worm drops the following files in the folder %DriveLetter%\Documents and Settings:
tazebama.dll (32,768 bytes)
tazebama.dl_ (154,751 bytes)
hook.dl_ (154,751 bytes)
Modifies the following registry entry:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000000
"Hidden"=dword:00000001
Enables drive autorun by removing entries:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"
It may also copy itself to the %UserProfile%\Local Settings\Application Data\Microsoft\CD Burning folder using the following filename:
zPharaoh.exe
Creates the following folder for its own use: %DriveLetter%\Documents and Settings\%UserProfile%\Application Data\tazebama
If the current system date matches the condition: year greater than or equal to 2012, month greater than or equal to 10 and day greater than or equal to 16, files with the following extensions are encrypted:
*.TXT *.BAS *.C *.MDB *.ZIP *.RAR *.DOC *.XLS *.CPP *.H *.PAS *.ASP *.PHP *.PPT *.HTM *.RTF *.MDF *.PSD *.ASPX *.ASPX.CS *.HTML *.PDF *.HLP
The encryption consists simply of adding 0x10 to each byte of the file.
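Because the transformation is a fixed per-byte shift, affected files can be recovered by subtracting 0x10 from each byte. The following is an added example, not part of the original write-up: it uses well-known file signatures to tell an intact file from a shifted one and writes a decoded copy without touching the original. The function names and the ".recovered" suffix are assumptions made for illustration.

```python
from pathlib import Path
from typing import Optional

# Translation table that undoes "add 0x10 to each byte" (mod 256).
UNSHIFT = bytes((i - 0x10) & 0xFF for i in range(256))

# Well-known signatures for some of the extensions listed above.
MAGIC = {
    "pdf": b"%PDF",
    "zip": b"PK\x03\x04",
    "rar": b"Rar!",
    "rtf": b"{\\rtf",
    "doc/xls/ppt (OLE2)": b"\xd0\xcf\x11\xe0",
}

def unshift(data: bytes) -> bytes:
    """Subtract 0x10 from every byte, wrapping around at zero."""
    return data.translate(UNSHIFT)

def state(data: bytes) -> str:
    """'intact' if a known signature is present, 'shifted' if one only
    appears after undoing the shift, otherwise 'unknown'."""
    head = data[:8]
    if any(head.startswith(m) for m in MAGIC.values()):
        return "intact"
    if any(unshift(head).startswith(m) for m in MAGIC.values()):
        return "shifted"
    return "unknown"

def recover(path: Path) -> Optional[Path]:
    """Write a decoded copy next to a shifted file; leave the original as is."""
    data = path.read_bytes()
    if state(data) != "shifted":
        return None
    out = path.with_name(path.name + ".recovered")
    out.write_bytes(unshift(data))
    return out
```

Plain-text types such as *.TXT or *.C have no signature and come back as "unknown"; for those, decode a copy and inspect it by hand.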
Executable files infection:
The virus searches for executables on local drives and on the network. Executables are infected by overwriting the instructions at the entry point. The original code is then stored at the end of the file.
Propagation
Copies itself in root folders of drives using the following filename: zPharaoh.exe
The virus also creates the following file: autorun.inf
with the following content:
[AutoRun]
ShellExecute=zPharaoh.exe
shell\open\command=zPharaoh.exe
shell\explore\command=zPharaoh.exe
open=zPharaoh.exe
This causes the virus to be executed each time the user opens the corresponding removable drive using Windows Explorer.
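A drive-root autorun.inf like the one quoted above can be screened before the media is opened in Explorer. The following is an added example, not part of the original write-up: it parses autorun.inf text and lists every launch key that points at an executable. The function name, the extension list and the sample strings are constructed for illustration.

```python
import configparser
import re

# Keys in the [AutoRun] section that make Explorer start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

# Constructed sample matching the content quoted above.
SAMPLE = r"""[AutoRun]
ShellExecute=zPharaoh.exe
shell\open\command=zPharaoh.exe
shell\explore\command=zPharaoh.exe
open=zPharaoh.exe
"""

def launch_entries(text):
    """Return sorted (key, program) pairs that would start an executable."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return []  # not parseable as an INF-style file
    hits = []
    for section in cp.sections():
        if section.lower() != "autorun":  # section names are case-insensitive
            continue
        for key, value in cp.items(section):  # keys arrive lowercased
            # Program is the quoted path, or the first token before arguments.
            m = re.match(r'\s*"([^"]+)"|\s*(\S+)', value or "")
            if not m or not LAUNCH_KEY.match(key):
                continue
            program = m.group(1) or m.group(2)
            if program.lower().endswith(EXEC_EXT):
                hits.append((key, program))
    return sorted(hits)
```

Legitimate installers on optical media also use `open=`, so the result is most useful on writable removable drives and network shares, where an executable launch entry is rarely expected.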
Removing: Remove infected files and restore them from backup.

AVG Anti-Malware

Integrated security protection against viruses, worms, trojans, spyware and adware. Compatible with Windows Vista!
Includes
Anti-Virus protects from viruses, worms and trojans
Anti-Spyware protects from spyware, adware and other malicious programs
Features
Easy to use protection – install and forget
New program versions and updates, for free, throughout the license duration
Quality proven by all major antivirus certifications (VB100%, ICSA, West Coast Labs Checkmark)
24/7 technical support provided at no extra cost
Improved virus detection based on better heuristics and NTFS data streams scanning
Unique automatic threat-removal anti-spyware engine
Smaller installation and update files
Resident shield with on-access scanning

100% virus detection — AVG’s scanning engine has received numerous awards for its excellent detection of “in the wild” viruses, including the VB100% award. Its unique combination of detection methods provides full protection against viruses, worms and trojans.
Cutting-edge anti-spyware technology — Using the latest state-of-the-art detection technology, AVG detects spyware, adware, DLL-trojans, keyloggers, and much more. Malware hidden in data streams, archives, or the Windows registry is also detected.
Full on-access protection — The powerful AVG Resident Shield provides maximum protection by scanning every file opened, executed, or saved. It also prevents the opening or executing of infected files.
Flexible intelligent scanning — The AVG Resident Shield can include/exclude files from being scanned based on individual file extensions and can handle exceptions for potentially unwanted programs such as adware.
Full e-mail protection — AVG checks every e-mail sent or received, providing full protection from e-mail-borne threats. AVG supports all leading e-mail clients, including MS Outlook, The bat!, Eudora, and all other SMTP/POP3-based e-mail clients, such as Outlook Express. Encrypted connections using SSL are also supported.
Automatic threat handling — AVG can automatically heal or remove infected files and other threats such as trojans, worms and spyware.
Powerful scheduling — AVG automatically provides recommended daily schedules for scanning and updating, and also allows you to create custom-scheduled events.
Multiple language support — No need to buy a special language version.
Recommended System Requirements
CPU Intel Pentium, 600 MHz
70 MB free hard drive space
256 MB RAM

AVG Anti-Virus Free is the Most Popular Program on CNET Download.com

AVG Anti-Virus Free and Anti-Virus Pro ranked as number one and number three antivirus programs on download.com

Orlando, F.L. - October 17, 2007 – GRISOFT, the developer of AVG Internet security software, today announced that AVG Anti-Virus Free is the number one downloaded program on all of CNET Download.com. Additionally, AVG Anti-Virus Free is the first most popular and Anti-Virus Pro is the third most popular antivirus based on Editor’s Choice. CNET Download.com is a well-referenced site and is part of CNET Networks, an internationally established online publication and host to technology news and reviews.
AVG security products, for the home and office, are popular among CNET.com reviewers and users alike. AVG Anti-Virus Free holds an editor rating of five out of five, in addition to a user rating of four stars out of five. CNET.com reports that the latest version of AVG Anti-Virus Free, for private, non-commercial use, has earned more than 38 million total downloads, and over 922,600 downloads just last week. AVG Anti-Virus Pro software, GRISOFT’s commercial edition anti-virus, has been downloaded over two million times overall and earned a five of five star editor rating and a user rating of four stars out of five.
“The combination of a 5-star rating from CNET editors and being the most popular download on CNET Download.com emphasizes the value of providing comprehensive security that is not only low on system resources, but most importantly, user-friendly,” explains Rick Carlson, GRISOFT’s managing director of the Americas. “AVG is always designed with the user in mind and we are pleased to see that CNET visitors worldwide appreciate our ongoing efforts to make our software efficient, unobtrusive and easy-to-use.”
Both AVG Anti-Virus Free and Anti-Virus Pro have been engineered to use minimal resources, while still providing strong protection against viruses, worms, Trojans and potentially unwanted programs that infect computers. AVG Pro, a commercial product for home or small business use, provides users more benefits including free 24/7 technical support, multiple operating system compatibility and high-speed downloads, while AVG Free, for personal, single computer use, does not.

Removal Tools

Malicious Code has become increasingly complex and infections involve more system elements than ever before. Symantec Security Response has developed tools to automatically conduct what would often amount to extensive and tedious manual removal tasks. If your system has become infected, the tools listed below should aid you in repairing the damage. Symantec now offers a Spyware & Virus Removal service. Sit back and watch while a Symantec expert scans and clears your PC of spyware and viruses. This is a fee based service.

Removal tools:
01/11/07 Backdoor.Haxdoor.S/Trojan.Schoeberl.E Removal Tool
01/04/07 W32.Spybot.ANDM Removal Tool
11/29/06 W32.Spybot.ACYR Removal Tool
10/19/06 W32.Rajump Removal Tool
10/17/06 W32.Pasobir Removal Tool
10/04/06 Symantec Support Tool ActiveX Control Cleanup Tool
09/23/06 Trojan.Linkoptimizer Removal Tool
09/14/06 W32.Bacalid Removal Tool
03/23/06 W32.Antinny Removal Tool
03/23/06 Trojan.Abwiz Removal Tool
03/23/06 Trojan.Exponny Removal Tool
03/23/06 Trojan.Sientok Removal Tool
03/17/06 W32.Davs Removal Tool
02/02/06 W32.Kiman Removal Tool
01/17/06 W32.Blackmal@mm Removal Tool
12/02/05 W32.Secefa Removal Tool
11/10/05 Backdoor.Ryknos Removal Tool
11/03/05 Trojan.Lodear Removal Tool
PrettyPark.Worm Removal Tool
12/21/00 Happy99.Worm Removal Tool
12/21/00 W32.Navidad Fix
12/20/00 W32.Kriz Removal Tool
12/20/00 Kak.Worm.B Fix
12/20/00 W32.HLLW.QAZ.A Fix
12/19/00 BuddyList Removal Tool
12/15/00 W95.MTX Fix Tool

Thursday, November 1, 2007

Keep your firewall turned on

What is a firewall?

A firewall helps protect your computer from hackers who might try to delete information, crash your computer, or even steal your passwords or credit card numbers. Make sure your firewall is always turned on.
Windows XP comes with Internet Connection Firewall, but you must turn it on to use it.
To turn on Internet Connection Firewall:
1. Point to Control Panel, double-click Network and Internet Connections, and then click Set up or change your home or small office network.
2. Follow the steps in the Network Setup Wizard to turn on the Internet Connection Firewall.
When you choose a configuration in the wizard that indicates that your computer is connected directly to the Internet, the Internet Connection Firewall is turned on.
Windows XP Service Pack 2 (SP2) and Windows Vista come with Windows Firewall automatically turned on. Visit Microsoft Update to download Windows XP SP2 for free. Visit the Windows Vista home page for more information about the newest operating system from Microsoft.

What are operating system updates?

High priority updates are critical to the security and reliability of your computer. They offer the latest protection against malicious online activities. Microsoft provides new updates, as necessary, on the second Tuesday of the month.

What is antivirus software?

Antivirus software is a computer program that detects, prevents, and takes action to disarm or remove malicious software programs, such as viruses and worms. You can help protect your computer against viruses by using antivirus software.
Computer viruses are software programs that are deliberately designed to interfere with computer operation, record, corrupt, or delete data, or spread themselves to other computers and throughout the Internet.
To help prevent the most current viruses, you must update your antivirus software regularly. You can set up most types of antivirus software to update automatically.
Here are two types of antivirus protection from Microsoft:
• For continuous protection, try Windows Live OneCare, which automatically scans your computer for viruses. You can use it free for 90 days.
• For on-demand protection, Windows Live OneCare safety scanner allows you to visit a Web site and scan your computer for viruses and other malicious software for free.