w32/bugbear.b@mm

Category: E-mail worms
Submitted by: Administrator

Computing manual for w32/bugbear.b@mm

w32/nofear, i-worm.fearso, trile
type: e-mail / shared-network worm, spy trojan.

size: 47,797 bytes
origin: internet
destructive: yes (steals passwords and sends information about the computer)
in the wild: yes
detection and removal:
The Hacker 5.5, virus definitions as of 13/06/2003
description:
W32/Nofear is a worm that spreads via e-mail and through the Kazaa file-sharing network. This worm infects executable files and attempts to terminate all antivirus and firewall processes on the infected computer.
characteristics of the e-mail messages:
subject: variable; the worm uses random subjects or takes one from the following list:
$150 free bonus!! 25 merchants and rising! announcement! bad news!! call for information! click on this! correction of errors! cows daily email reminder! empty account! fantastic! free shipping! fsm32 get 8 free issues - no risk!! get a free gift! greets!! hi! history screen! i need help about script!!! interesting... introduction its easy! ing! just a reminder!
lost & found! market update report! membership confirmation my ebay ads! new bonus in your cash account! new contests! new reading news payment notices! please help... report scam alert!!! sponsors needed! star wars ii movie stats today only!! tools for your online business! various! warning! wow! your gift! your news alert!!
body: variable; the worm uses random text or takes one from the following list:
attached one gift for u.. check the attachment! check the attachment.. enjoy the attachment! hi check the attachment ... more details attached! see the attachment!
attachment: variable, with a double extension ending in .bat, .pif or .scr
the first extension can be any of the following:
.bmp .dat .gif .htm .jpg .mdb .mpg .zip
the attachment name can be:
bullshit friends friends4u friendscr friendsearch friendsgreetings friendship friendship4u friendshipbird friendshipforu friendsworld fucker greetings love4u lovefinder lovegreetings lovers loverscreensaver lovescr loveshore passion passionup rishtha shakeit shakescr shakinglove shakingfriendship saver shareit truefriends truelovers werfriends
------------------------------------------------------
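The attachment naming scheme described above (one of the listed first extensions followed by .bat, .pif or .scr) is something a mail filter can test for directly. The Python code below is an added example, not part of the original write-up: the function names are hypothetical and the sample message is constructed, using a subject, body line and attachment name from the lists above.

```python
import email
from email import policy

# Extension scheme as listed in the description above.
DECOY_EXTS = {".bmp", ".dat", ".gif", ".htm", ".jpg", ".mdb", ".mpg", ".zip"}
EXEC_EXTS = {".bat", ".pif", ".scr"}


def is_double_extension(filename):
    """True if the name ends in <listed first ext><.bat|.pif|.scr>, e.g. x.jpg.scr."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    name = filename.strip().rstrip(". ").lower()
    parts = name.rsplit(".", 2)
    if len(parts) != 3:
        return False
    return "." + parts[1] in DECOY_EXTS and "." + parts[2] in EXEC_EXTS


def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw message that match the scheme."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # also decodes RFC 2231 encoded names
        if filename and is_double_extension(filename):
            hits.append(filename)
    return hits


# Constructed sample message (not a captured one); the payload is the word "placeholder".
SAMPLE = (
    b"From: a@example.com\r\n"
    b"Subject: your gift!\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"check the attachment!\r\n"
    b"--BOUND\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="LoveGreetings.JPG.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--BOUND--\r\n"
)

print(suspicious_attachments(SAMPLE))
```

The check is case-insensitive and keys on the extension pair rather than on the attachment name, since the name, subject and body all vary from message to message.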
when the worm runs, it copies itself into the windows folder (e.g. c:\windows) as:
{random}.exe
svchost.exe
it also creates the file kernel.dll, of size 70,656, in the same folder.
it creates a registry entry so that it runs on every system restart:
hkey_local_machine\software\microsoft\windows\currentversion\run
padmin=c:\windows\{random}.exe
this worm is polymorphic and infects the following executable files:
foxhhelp.exe hh.exe regedit.exe mplayer.exe hh.exe notepad.exe winhelp.exe mplayer2.exe msimn.exe winzip32.exe
to spread over p2p networks it creates the following files in the shared folder; if the p2p program is not installed, it creates a folder named my downloads in the root of the infected computer's drive and copies the following files into that folder:
process termination
to avoid detection, the w32/nofear@mm worm terminates the following in-memory processes belonging to various antivirus programs and firewalls:

