7/7/2023

W32 agobot worm

The worm also modifies the Windows HOSTS file in order to block access to anti-virus vendor sites.

This malware terminates processes with the following names:

It also creates the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ "Logon Settings" = "mshtmldat32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Windows Sys" = "explorer.exe mshtmldat32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce "Services Start" = "mshtmldat32.exe"

The worm then installs itself to the system and creates several startup keys for itself in the Registry:

Once downloaded onto a computer, the worm drops the following copies of itself:

If the recipient follows the link, they are taken to a website where they are prompted to download a copy of the worm.

After being run the worm displays an image, usually "Soap Bubbles" (this image is a standard wallpaper provided with the Windows operating system).

It sends short text messages with URLs for two different websites.

IM-Worm:W32/Skipi.A is an IM-worm that spreads via the Instant Messaging application Skype Chat.
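As an added example (not part of the original write-up), this Python triages exported host artifacts for the indicators named above: the three registry values that reference mshtmldat32.exe, and HOSTS-file entries that block sites. It assumes the registry input is `reg export` text and that blocked sites appear as loopback or null-address entries; the function names and sample data are constructed.

```python
import re

# Indicators taken from the description above (keys lower-cased for matching).
WORM_BINARY = "mshtmldat32.exe"
WATCHED = {
    r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon":
        {"logon settings", "windows sys"},
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce":
        {"services start"},
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')

def scan_reg_export(text):
    """Return (key, value name, data) for watched values that reference the worm binary."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].rstrip("\\")   # current registry key section
            continue
        m = VALUE_RE.match(line)
        names = WATCHED.get(key.lower()) if key else None
        if m and names and m["name"].lower() in names and WORM_BINARY in m["data"].lower():
            findings.append((key, m["name"], m["data"]))
    return findings

def blocked_hosts(text):
    """Return hostnames a HOSTS file pins to a loopback or null address."""
    # Assumption: the blocking is done with loopback/null entries; the page does not say how.
    blocked = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            blocked += [h for h in fields[1:] if h.lower() != "localhost"]
    return blocked

# Constructed sample artifacts (not taken from a real infected host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Logon Settings"="mshtmldat32.exe"
"Windows Sys"="explorer.exe mshtmldat32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Services Start"="mshtmldat32.exe"
'''
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 av-vendor.example  # constructed\n"
```

The hostnames returned by `blocked_hosts` are candidates for review, since legitimate ad-blocking HOSTS files use the same form.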