This article was written on an older version of FileFront / GameFront
Formatting may be lacking as a result. If this article is un-readable please report it so that we may fix it.
Published by GODh 19 years ago , last updated 5 years ago
This is a bit old news (august 27), but maybe there are still players unaware of this, but there is a virus out there that lurks for your cd-key. That virus (worm) is called W32.Kwbot.P.Worm: [quote] When W32.Kwbot.P.Worm is executed, it does the following: Copies itself as: %System%mscommand.exe NOTE: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP). Adds a value: "System Efficiency Monitor"="mscommand.exe" to the registry keys: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion RunServices so that the worm runs when you start Windows. The worm contains its own IRC client, allowing it to connect to an IRC channel. Using the IRC channel, the worm listens for commands from a hacker. The commands allow the hacker to perform any of the following actions: Manage the worm's installation. Control the IRC client on an infected computer. Send the worm to other IRC channels to infect other computers. Deliver system and network information to a hacker. Perform Denial of Service (DoS) attacks against a target, which the hacker defines. Download and execute files upon the hacker's choice. Locates the file-sharing folders of KaZaA, iMesh, and Morpheus in the registry. Copies itself to the file-sharing folders of KaZaA, iMesh, and Morpheus, as well as the following folders: Program FileseDonkey2000incoming Program FilesLimeWireShared NOTE: The attribute of the copies may bet set to Hidden. Some examples of the filenames, which the worm copies itself as, include: Snitch 9.0.exe Messenger Password Stealer 4.0.exe DirectX Buster (all versions).exe BabeFest 2003 ScreenSaver 1.5.exe Cool Edit Pro v2.55.exe Guitar Chords Library 5.5.exe MSN Messenger 5.2.exe Turbo Tax 2003 serial.exe Gamecube Disc Copier serial.exe Yahtzee Deluxe.exe Steals the CD keys of the following games: Tiberian Sun Red Alert 2 IGI 2 Command & Conquer Generals FIFA 2003 Need For Speed Hot Pursuit 2 The Gladiators [b]Soldier of Fortune II [/b] NeverWinter Nights Rainbow Six III RavenShield Battlefield 1942 Road To Rome Battlefield 1942 Counter-Strike Unreal Tournament 2003 Half-Life[/b] More info, recommendations of solutions can be found [url=http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.p.worm.html]here[/url]!
Comments on this Article
There are no comments yet. Be the first!