I-Worm.Sysno Viruses Information

Name: I-Worm.Sysno
Category: Viruses
Description: Details
I-Worm.Sysnom

This is a virus-worm that spreads via the Internet as an attachment to infected e-mails. The worm itself is a Windows PE EXE file about 21Kb in length (compressed by UPX; the decompressed size is about 45K), and is written in Visual Basic.
Infected messages contain:

Subject: Good News
Attachment: SoftwareKey.exe

The body is selected from the following three variants:

Wanna remove the I-worms CodeRed, BadTrans, Goner, Updater, etc?
Good news for you because we're giving you a software which removes the latest internet worms in your pc.
Included is your free software from AVP.

Hi! You are a winner of a trip to Iceland.
Included in this message is a software which can help you claim your prize.
See you there!!! Iceland.com

Hi! You have just won yourself a plane ticket to Bali, Indonesia!
Click the attachment to see how to claim your price.
This message is courtesy of YouCanSeeTheWorld.com.

The worm is activated from an infected e-mail only when a user clicks on the attached file. The worm then installs itself to the system, copying itself to the C:\WINDOWS directory under the following names:

C:\WINDOWS\SoftwareKey.exe
C:\WINDOWS\SYSNOM.EXE
C:\WINDOWS\SCANREGW.EXE (the original SCANREGW file is overwritten by the worm copy)

and registers one file in the system registry auto-run key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
System Monitor = c:\WINDOWS\SYSNOM.EXE

The worm then displays the following message:

and starts its e-mail spreading routine. To send infected messages, the worm uses MS Outlook, sending messages to all addresses found in the Outlook address book.
The worm then opens the "http://www.avp.ch" site with IEXPLORER.EXE, and starts a DoS attack on the "indovirus.8m.com" site.
The worm does not manifest itself in any other ways.
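
The mail indicators listed above (subject, attachment name, body text) can be checked at a mail gateway or over an archived mailbox. The following is an added example, not part of the original description: the function names and the constructed sample message are assumptions, and it flags a message only when the attachment name coincides with at least one other indicator.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the description above, lower-cased for comparison.
SUBJECT = "good news"
ATTACHMENT = "softwarekey.exe"
BODY_MARKERS = (
    "included is your free software from avp",
    "you are a winner of a trip to iceland",
    "won yourself a plane ticket to bali",
)

def sysno_indicators(raw: bytes) -> list:
    """Return which of the described mail indicators a raw message carries."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    # walk() visits every MIME part, so nested attachments are seen too.
    names = [p.get_filename() or "" for p in msg.walk()]
    if any(n.strip().lower() == ATTACHMENT for n in names):
        hits.append("attachment")
    body = msg.get_body(preferencelist=("plain", "html"))
    # Collapse whitespace so line wrapping cannot split a marker.
    text = " ".join(body.get_content().lower().split()) if body else ""
    if any(marker in text for marker in BODY_MARKERS):
        hits.append("body")
    return hits

def is_suspect(raw: bytes) -> bool:
    """Flag only when the attachment name coincides with another indicator."""
    hits = sysno_indicators(raw)
    return "attachment" in hits and len(hits) >= 2

def build_sample(subject: str, body: str, filename: str = "") -> bytes:
    """Constructed test message; the attachment bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Good News", "Hi! You are a winner of a trip to Iceland.",
                        "SOFTWAREKEY.EXE")
    print(sysno_indicators(lure), is_suspect(lure))
```

Matching on the subject alone would flag ordinary mail, which is why the attachment name is required before a message is treated as suspect.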





 


© 2006-2008 spyware32.com - Privacy Policy