Name: WootBot
Category: Trojan
Advice: Remove
Risk: Severe Risk
Severe threats typically are remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any user interaction, and exploits are in the wild. There is a high probability of system damage or a security flaw: an attacker can take complete control of your computer or install new software on it.
Description:
WootBot is a memory-resident trojan that propagates through network shares.
Upon execution, WootBot drops a copy of itself as the file WINSSV.EXE in the Windows system folder.
It also takes advantage of the Windows IIS 5.0/WebDAV vulnerability. For more information regarding this vulnerability, please refer to the following Microsoft Web page: Microsoft Security Bulletin MS03-007.
It registers itself as a service by adding the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cronation
It also attempts to download a file from an FTP site and execute it on the system.
It steals the Windows product ID and the CD keys of the following PC games, if they are installed on the system:
Battlefield 1942: Secret Weapons Of WWII
Battlefield 1942: The Road To Rome
Battlefield 1942: Vietnam
Black and White
Command and Conquer Generals Zero Hour
Command and Conquer: Generals
Command and Conquer: Red Alert2
Command and Conquer: Tiberian Sun
Counter-Strike
FIFA 2002
FIFA 2003
Freedom Force
Global Operations
Gunman Chronicles
Half-Life
Hidden and Dangerous 2
IGI2: Covert Strike
Industry Giant 2
James Bond 007 Nightfire
Medal of Honor Allied Assault
Medal of Honor: Allied Assault: Breakthrough
Medal of Honor: Allied Assault: Spearhead
Nascar Racing 2002
Nascar Racing 2003
Need For Speed: Hot Pursuit 2
Need For Speed: Underground
Neverwinter Nights
NHL 2002
NHL 2003
Ravenshield
Shogun Total War - Warlord Edition
Soldier Of Fortune 2
Soldiers Of Anarchy
The Gladiators
Unreal Tournament 2003
Unreal Tournament 2004
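As a defender's triage check, added here and not part of the original entry, the following PowerShell looks for the persistence artifacts this description names: the Cronation service key, the dropped WINSSV.EXE, and a resident winssv process. It assumes the "Windows system folder" is %SystemRoot%\system32 (or %SystemRoot%\system on older releases) and that the key and file names are exactly as listed above.

```powershell
# Added defender's check for the WootBot artifacts named in this entry (not the vendor's code).
# Assumption: "Windows system folder" means %SystemRoot%\system32 (or %SystemRoot%\system on Win9x).
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cronation'
$dropPath = @(
    (Join-Path $env:SystemRoot 'system32\WINSSV.EXE'),
    (Join-Path $env:SystemRoot 'system\WINSSV.EXE')
)
$findings = @()

# 1. Service persistence: the key the trojan adds, plus the binary it points at.
if (Test-Path $svcKey) {
    $svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    $findings += "Service key present: $svcKey (ImagePath: $($svc.ImagePath))"
}

# 2. Dropped file: report its MD5 so it can be compared against the vendor's signature database.
foreach ($p in $dropPath) {
    if (Test-Path $p) {
        $md5 = (Get-FileHash -Path $p -Algorithm MD5).Hash
        $findings += "Dropped file present: $p (MD5: $md5)"
    }
}

# 3. Memory-resident copy: the description says it stays resident, so check running processes too.
$running = Get-Process -Name 'winssv' -ErrorAction SilentlyContinue
if ($running) {
    $findings += "winssv.exe running, PID(s): $($running.Id -join ', ')"
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No WootBot artifacts found.'
}
```

Run it from an elevated prompt so the service key and system folder are readable; a hit on any of the three checks warrants isolating the host before cleanup.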
Signatures:
Type: Trojan
A Trojan is any software on a user's computer that the user is not aware of or did not intentionally install. Most Trojan software is designed to perform actions that could jeopardize the user's security or privacy.