How bad is win32.exe worm?

Mr. Smith

New member
I was on some dodgy sites last night - suffice it to say this will be my 1st and last time. Anyhow, I downloaded and scanned the compressed file, extracted it and, without thinking, I double-clicked the folder!

Usually I would have scanned that but I forgot. Anyway, Avast antivirus popped up, so I put the file in the vault and deleted it.

This morning before work I started a scan and within a minute an infected file appeared.

I plan on following the 'remove virus hijack' guide...

Just wondered how much of a [cussing] this worm is?
 
I think it's a fairly big worm

Code:
This network worm infects computers running Windows. It propagates via the LSASS vulnerability, details of which can be found here (MS04-011).

The worm also propagates via the Internet as an attachment to infected emails. It sends itself to all email addresses harvested from the victim machine.

In terms of functionality, this version is almost identical to Mytob.a, differing from it only in the following ways:

1. Mytob.c is approximately 49KB in size, packed using UPX. The unpacked file is approximately 98KB in size.

2. Instead of creating a file named %System%\msnmsgr.exe, Mytob.c creates a file named %System%\wfdmgr.exe

3. It registers this file in the system registry:

Symantec do a removal tool for this :)
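If you want to check a machine for the artefacts the quoted description mentions before or after running a removal tool, the script below is an added example (not from this thread, and not Symantec's or Kaspersky's tooling). It only uses the two drop file names quoted above (%System%\wfdmgr.exe for Mytob.c, %System%\msnmsgr.exe for Mytob.a); the registry value name the description was cut off before giving is not assumed, so the script instead scans the usual autostart keys for any value that references either file name. %System% is assumed to be %SystemRoot%\System32, and the list of autostart keys is the author's choice, not something the page states.

```powershell
# Added example: look for the Mytob artefacts quoted in the thread.
# Run from an elevated PowerShell session so HKLM reads are complete.

# Drop names taken from the quoted description (Mytob.c and Mytob.a respectively).
$dropNames = @('wfdmgr.exe', 'msnmsgr.exe')

# Assumption: %System% resolves to %SystemRoot%\System32.
$systemDir = Join-Path $env:SystemRoot 'System32'

# Assumption: the autostart keys worth checking. The exact value name the
# worm uses is not given on the page, so every value in these keys is examined.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

# 1. Is either dropped file present in %System%? Record size and hash so the
#    sample can be checked against vendor descriptions or submitted to AV.
foreach ($name in $dropNames) {
    $path = Join-Path $systemDir $name
    if (Test-Path -LiteralPath $path) {
        $item = Get-Item -LiteralPath $path
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Kind   = 'File'
            Where  = $path
            Detail = "size=$($item.Length) sha256=$hash"
        }
    }
}

# 2. Does any autostart value reference one of those file names?
foreach ($key in $autostartKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath etc.
        foreach ($name in $dropNames) {
            if ("$($p.Value)" -match [regex]::Escape($name)) {
                $findings += [pscustomobject]@{
                    Kind   = 'Registry'
                    Where  = "$key\$($p.Name)"
                    Detail = $p.Value
                }
            }
        }
    }
}

# 3. A running process whose image lives at that path is the strongest signal.
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    $imagePath = $proc.Path
    if (-not $imagePath) { continue }          # no access to the image path (e.g. protected process)
    foreach ($name in $dropNames) {
        if ($imagePath -ieq (Join-Path $systemDir $name)) {
            $findings += [pscustomobject]@{
                Kind   = 'Process'
                Where  = "PID $($proc.Id)"
                Detail = $imagePath
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No Mytob artefacts (by the names quoted in the thread) found."
} else {
    $findings | Format-Table -AutoSize
}
```

A clean result here only means the names quoted in the thread were not found; other variants use other file names, so it complements a full AV scan rather than replacing one. Note that a genuine MSN Messenger install does not normally live in %System%, which is why a msnmsgr.exe at that path is worth a second look rather than being dismissed as legitimate.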
 
Would that be a free tool? Nice one for the info... I'll get-a-googling Symantec now and find out. Will this tool just do the job so I won't have to go through the ordeal - ok, slight exaggeration, the time-consuming 'virus hijack removal' guide?
 
LOL! The guide is fantastic mate, I hate waiting for all the in-depth virus scans etc. to run - hence me labelling it as time-consuming.

I'd be up sh*t creek without a paddle without you/your guide. I extend my most sincere apologies PV ;)
 
Peev - I know, I know... The proof is in the pudding though - let's just see if it works tonight!

Kemp - Symantec? Can't find the tool...
 
Thanks Ham. Virus is gone... Deleted what Avast identified, restarted, rescanned. Deleted what it found. Restarted, rescanned - all clear. I'll do another scan in a few days but I think I'm all clear.
 
name='Dav0s' said:
mine isn't tricky to get to safe mode, I just keep tapping F8 after boot 'til it works

Aye, but if legacy USB isn't enabled on the 975X boards, the USB ports have no power before you get into the OS.
 
name='Dav0s' said:
interesting... suppose it stops USB devices from preventing POST?
Just to speed up POST actually. Why have startup looking for Legacy devices if it doesn't need to? If you have an 'Auto' setting for legacy devices, and you're using USB, then leave it set at that. It'll be picked up then :)
 
name='PV5150' said:
Just to speed up POST actually. Why have startup looking for Legacy devices if it doesn't need to? If you have an 'Auto' setting for legacy devices, and you're using USB, then leave it set at that. It'll be picked up then :)

Not necessarily. My P5W DH Deluxe doesn't give the USB ports power after POST and before startup.
 