I-Worm.Lentin. Viruses Information
Name: I-Worm.Lentin.
Category: Viruses
Description:
Details
I-Worm.Lentin.v
Lentin.v spreads via the Internet as an attachment to infected messages. It also spreads via networked resources and the Kazaa file-sharing network.
The worm itself is a Windows PE EXE file of approximately 60KB, written in Visual C++ and compressed using UPX. The uncompressed file is approximately 478KB in size.
Lentin.v interferes with the operation of antivirus applications. It also carries out DoS attacks on certain IP addresses.
It alters the files 'Hosts' and 'Lmhosts' in the Windows directory to prevent users of infected machines from viewing the following web sites:
www.symantec.com
www.microsoft.com
www.sophos.com
www.avp.ch
www.mcafee.com
www.trendmicro.com
www.pandasoftware.com
www3.ca.com
www.ca.com
Propagation
The worm uses its own SMTP server to send out copies of itself. It spreads via both network resources and the Kazaa file sharing network.
File attachments containing the infected code may have one of the following extensions:
.COM
.EXE
.ZIP
The message fields of infected emails contain random information.
The worm sends itself to all addresses found in the Windows address book, MSN Messenger, NET Messenger and Yahoo Pager.
Installation
Lentin.v must be launched manually in order for a machine to be infected. When an infected attachment is opened the worm is activated. It copies itself to the Windows system directory under the following names:
MSUPDAT.EXE
MSEXEC.EXE
It also uses the file 'msupdat.exe' to update the system registry with the following entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
This ensures that the worm's executable file will be run each time a victim machine is booted.
The worm then searches for the Windows system file 'WIN.INI' and adds the following string:
run=
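A defender's check for the blocking and persistence artifacts described above, as an added example that is not part of the original page: it scans the text of a Hosts/Lmhosts file for the listed sites and the [windows] section of WIN.INI for programs on the run= line, flagging the two dropped file names. The function names and sample inputs are constructed for illustration, and treating any entry for a listed site as suspicious is an assumption, since the page does not say which address the worm writes.

```python
import re

# Sites the page lists as blocked through the worm's Hosts/Lmhosts edits.
BLOCKED_SITES = {
    "www.symantec.com", "www.microsoft.com", "www.sophos.com", "www.avp.ch",
    "www.mcafee.com", "www.trendmicro.com", "www.pandasoftware.com",
    "www3.ca.com", "www.ca.com",
}
# Names the page says the worm copies itself to in the Windows system directory.
DROPPED_NAMES = {"msupdat.exe", "msexec.exe"}

def blocked_site_entries(hosts_text):
    """Return (address, hostname) for each Hosts/Lmhosts entry naming a listed site."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and #PRE-style tags
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if host in BLOCKED_SITES:
                hits.append((fields[0], host))
    return hits

def win_ini_run_entries(ini_text):
    """Return (program, is_dropped_name) for each program on run= under [windows]."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        match = re.match(r"run\s*=\s*(.+)$", line, re.IGNORECASE)
        if section == "windows" and match:
            for program in filter(None, re.split(r"[,\s]+", match.group(1))):
                base = program.replace("/", "\\").rsplit("\\", 1)[-1].lower()
                entries.append((program, base in DROPPED_NAMES))
    return entries

# Constructed sample inputs (not taken from an infected machine). The page's own
# run= value is cut off, so the value used below is an assumption for illustration.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.symantec.com www.sophos.com
127.0.0.1   WWW.CA.COM   # upper case still matches
10.0.0.5    intranet.example
"""
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\MSUPDAT.EXE\n[fonts]\nrun=other.exe\n"

if __name__ == "__main__":
    print(blocked_site_entries(SAMPLE_HOSTS), win_ini_run_entries(SAMPLE_WIN_INI))
```

Run both functions against copies of the files taken from the suspect machine; a run= entry that is not one of the two dropped names is still returned so it can be reviewed by hand.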