It is another email virus that arrives as an attachment. This worm propagates by attaching copies of itself to email messages that it sends to addresses gathered from the Windows Address Book. It can send email messages without using a mail application such as Microsoft Outlook. Its main payloads are dropping and downloading malicious files.
Effects:
1) It drops the following malicious files:
- ifcconf.exe
- ifcmgr32.dll
- infowshb.dll
- rtutvb5d.dll
- %System%\confifc.dll
- %System%\ifcperf.exe
- %System%\ifcprf32.dll
- %System%\ifcstat.dll
- %System%\sendwmdm.exe
- %Windows%\tifc32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ifcdiag = "%System%\ifcconf.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr
DllName = "%System%\ifcmgr32.dll"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shdosbei
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = "infowshb.dll confifc.dll ifcstat.dll"
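The file names and registry entries listed above can be checked on a host with a short PowerShell script. This is an added example, not part of the original post; it assumes %System% and %Windows% mean the System32 and Windows directories, and it also looks in SysWOW64, which the post does not mention.

```powershell
# Added example: every indicator below is copied from the list above.
# Assumption: files listed without a path may sit in any of the searched directories.
$names = 'ifcconf.exe','ifcmgr32.dll','infowshb.dll','rtutvb5d.dll','confifc.dll',
         'ifcperf.exe','ifcprf32.dll','ifcstat.dll','sendwmdm.exe','tifc32.exe'
$dirs  = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64'),   # assumption: 32-bit view on 64-bit Windows
    $env:SystemRoot
)
$findings = @()

# Dropped files
foreach ($d in $dirs) {
    foreach ($n in $names) {
        $p = Join-Path $d $n
        if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
    }
}

# Returns the value data, or $null when the key or value does not exist
function Get-RegValue($Key, $Name) {
    (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Run key autostart value
$run = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 'ifcdiag'
if ($null -ne $run) { $findings += "Run value ifcdiag = $run" }

# Winlogon notification package
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr'
if (Test-Path $notify) {
    $findings += "Winlogon Notify key dbgmgr exists, DllName = $(Get-RegValue $notify 'DllName')"
}

# Key created under SOFTWARE\Microsoft
if (Test-Path 'HKLM:\SOFTWARE\Microsoft\shdosbei') {
    $findings += 'Key HKLM:\SOFTWARE\Microsoft\shdosbei exists'
}

# AppInit_DLLs: DLLs loaded into every process that loads user32.dll
$appInit = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows' 'AppInit_DLLs'
foreach ($dll in 'infowshb.dll','confifc.dll','ifcstat.dll') {
    if ($appInit -and $appInit -match [regex]::Escape($dll)) {
        $findings += "AppInit_DLLs references $dll"
    }
}

if ($findings) { $findings } else { 'No listed indicators found.' }
```

The script only reads the file system and registry; a match on a file name alone should be confirmed against the registry findings before treating the host as infected.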