This worm propagates via online instant messaging applications such as Yahoo Messenger, Gtalk, MSN Messenger or Digsby.
Effects:
- Deletes registry entries related to anti-virus and security applications, so anti-virus programs no longer function properly and system security is left at risk.
- It disables Security Center functions like firewall security updates.
- Disables the Internet Connection Sharing service, which disables sharing.
- It sends a copy of its link in instant messages.
- %Program Files%\Microsoft Office\OFFICE11\services.exe
- %Program Files%\Microsoft Office\OFFICE11\WINWORD.EXE
- %User Startup%\Adobe Gamma Loader.com
- These DLL files are loaded into the system program files: Drvics32.dl, hjwgsd.dll, jwiegh.dll, PUB60SP.mrc, remote.ini, yofc.dll, ruimsbbe.dll, smss.exe. It also creates an auto-start entry in the registry, attacking the Word file.
- It also disables the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot, which prevents booting in Safe Mode, and the values of the registry entries related to Explorer, shared access and services are changed to 4.
- It also pings many harmful sites using the command prompt.
- The spam messages it sends are predetermined; they are listed in HJWGSD.DLL and contain the link http://bukuger{BLOCKED}.hared.com. Copies of the malware may be downloaded from this site, which is currently inaccessible.
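
As an added example (not part of the original write-up), the Python script below checks an offline `reg export` dump and a file listing for the changes listed above. It assumes that "changed to 4" refers to a service's `Start` value, that the affected service keys are `SharedAccess` and `wscsvc`, and that the export covers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet; the sample inputs are constructed.

```python
import re

SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
# Assumption: service key names for the features the write-up names
# (SharedAccess = Internet Connection Sharing, wscsvc = Security Center).
WATCHED_SERVICES = ("SharedAccess", "wscsvc")
# File names from the write-up; services.exe only counts in the Office folder.
DROPPED_NAMES = {"hjwgsd.dll", "jwiegh.dll", "yofc.dll", "ruimsbbe.dll",
                 "adobe gamma loader.com"}
DROPPED_SUFFIXES = (r"\microsoft office\office11\services.exe",)

def parse_reg(text):
    """Parse `reg export` text into {lowercased_key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (v := re.fullmatch(r'"(.+?)"=(.+)', line)):
            current[v.group(1)] = v.group(2)
    return keys

def triage(reg_text, file_paths):
    keys, findings = parse_reg(reg_text), []
    # Safe Mode depends on subkeys under SafeBoot (Minimal, Network).
    if not any(k.startswith(SAFEBOOT.lower() + "\\") for k in keys):
        findings.append("SafeBoot key missing or empty")
    for svc in WATCHED_SERVICES:
        start = keys.get(f"{SERVICES}\\{svc}".lower(), {}).get("Start")
        if start == "dword:00000004":  # Start=4 means the service is disabled
            findings.append(f"service {svc} disabled (Start=4)")
    for path in file_paths:
        low = path.lower()
        if low.rsplit("\\", 1)[-1] in DROPPED_NAMES or low.endswith(DROPPED_SUFFIXES):
            findings.append(f"dropped file: {path}")
    return findings

# Constructed sample inputs (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
'''
SAMPLE_FILES = [r"C:\Program Files\Microsoft Office\OFFICE11\services.exe",
                r"C:\WINDOWS\system32\services.exe",
                r"C:\Program Files\yofc.dll"]
if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_REG, SAMPLE_FILES)))
```

The genuine `services.exe` under `system32` is not flagged, because the match is tied to the Office folder path given in the list.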