Saturday, November 17, 2007

Virus encyclopedia

Displaying results for threat BackDoor.Generic3.GBB!CME-762

This worm spreads over the internet by exploiting the MS Windows Server Service vulnerability described in MS Security Bulletin MS06-040.
Installation:
When the worm is launched, it copies itself as wgavm.exe to the Windows System Directory and registers itself as a service named Windows Genuine Advantage Validation Monitor, with automatic startup type, under the HKLM\SYSTEM\ControlSet001\Services\wgavm key in the Windows Registry.
The worm also changes the value of the "EnableDCOM" entry to "n" in the HKLM\software\microsoft\ole key in the Windows Registry, which disables the DCOM protocol.
On WinXP and Win2003 Server, the worm changes the startup type of the Windows Firewall/Internet Connection Sharing (ICS) service in the HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess key from automatic to manual, which disables Windows Firewall.
Spreading: internet
The worm stores copies of itself in shared folders and searches IP addresses; when it finds a vulnerable computer, it uses the exploit to download a copy of itself to that computer and launch it.
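
The three registry changes listed under Installation can be checked offline against a registry export taken from a suspect machine. The following is an added example, not part of the original encyclopedia entry: the sample export is constructed, the function names are hypothetical, and the export is assumed to be already decoded to text in regedit's .reg format.

```python
import re
# Constructed sample: excerpt of a .reg export from a hypothetical affected host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wgavm]
"DisplayName"="Windows Genuine Advantage Validation Monitor"
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="n"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000003
'''

def parse_reg(text):
    """Parse .reg text into {key: {value_name: value}} with lower-cased names."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            name, raw = m.group(1).lower(), m.group(2)
            # dword values become ints; string values lose their quotes
            current[name] = int(raw[6:], 16) if raw.startswith("dword:") else raw.strip('"')
    return keys

def find_indicators(keys):
    # Returns the indicators from the entry above that are present in the export.
    hklm = "hkey_local_machine\\"
    hits = []
    # 1. Service key created by the worm for wgavm.exe
    if hklm + r"system\controlset001\services\wgavm" in keys:
        hits.append("wgavm_service")
    # 2. DCOM switched off via EnableDCOM = "n"
    ole = keys.get(hklm + r"software\microsoft\ole", {})
    if str(ole.get("enabledcom", "")).lower() == "n":
        hits.append("dcom_disabled")
    # 3. Firewall/ICS service start type set to manual (3; automatic is 2)
    fw = keys.get(hklm + r"system\currentcontrolset\services\sharedaccess", {})
    if fw.get("start") == 3:
        hits.append("firewall_manual")
    return hits

if __name__ == "__main__":
    print(find_indicators(parse_reg(SAMPLE_REG)))
```

A manual firewall start type or disabled DCOM can also be an administrator's choice, so only the wgavm service key is specific to this worm; the other two hits are supporting evidence.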
