| Description:
|
Details
Win32.HLLW.Poetas.a
Win32.HLLW.Poetas.a belongs to a family of worms which spread by copying themselve to removable storage media, diskettes and all accessible disks.
Worms from this family seem to be written in Cuba.
This worm is a Windows PE EXE file, approximately 350KB in size.
On launch, it copies itself to a range of system folders:
c:Archivos de programa
C:Archivos de programa
C:Program Files
C: Microsoft Office
Archivos de programa
Archivos comunes
Common Files
Winzip
and also copies itself to the D: and E: drives under the names listed below:
Poetas2.exe
Poetashuevos3.exe
Poetashuevos4.exe
Osama.exe
Binladen.exe
Cocina2.exe
Perdon.exe
services.exe
These files are then registered in the system registry, to ensure they are executed each time the system is started, under a range of names. |
