WORM_STRATION.FA

It is another email virus that comes as an attachment. This worm propagates by attaching copies of itself to email messages that it sends to target addresses gathered from the Windows Address Book. It is capable of sending email messages without using mailing applications, such as Microsoft Outlook. Its main payloads are dropping and downloading malicious file.


Effects:
1) It drops the following files that are malicious

• ifcconf.exe
• ifcmgr32.dll
• infowshb.dll
• rtutvb5d.dll

2) It also drops the following files that will affect the system in the following folders

• %System%\confifc.dll
• %System%\ifcperf.exe
• %System%\ifcprf32.dll
• %System%\ifcstat.dll
• %System%\sendwmdm.exe
• %Windows%\tifc32.exe

3)  It creates the following auto start entry that will enable the virus to do its malicious activities

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  ifcdiag = "%System%\ifcconf.exe" 
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dbgmgr
  DllName = "%System%\ifcmgr32.dll" 

4) It will create following registry

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shdosbei 

5) It will modify the following registry entry

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
  AppInit_DLLs = "infowshb.dll confifc.dll ifcstat.dll"

Posted in: Email Threat,PC Support,Technical Support,TechSupp 247,Virus Removal Expert,worm_Stration