WinWor Viruses Information
Name: WinWor
Category: Viruses
Description:
Details
WinWorm
WinWorm is a harmless, non-memory-resident polymorphic worm virus. The worm itself is a DOS COM program about 2K in length, encrypted with polymorphic code. The worm uses Windows features and environment variables and is able to operate correctly under Windows only.
When the infected file is run, the worm installs itself into the system: it copies itself to the Windows system directory with the name WINWORM.COM, and to the Windows directory with the names WINDLL.COM and WINSIS.COM (both files have the hidden attribute set). There is also a 'C:\WW.COM' worm copy left on the C: drive after installation.
The installation process is performed in two steps:
First, the worm drops itself into the root directory of drive C: under the name WW.DAT.
Secondly, it inserts itself into the C:\AUTOEXEC.BAT set of commands, which completes its installation on the next reboot.
To run each time Windows is booted, the worm creates an auto-run entry in the WIN.INI file:
[windows]
load=WinSis.Com
The worm creates the following files in the Windows directory:
DRIVE.BAT LOADCOM.BAT COPYFILE.BAT DRIVE.PIF
In the Windows SendTo subdirectory it writes:
?³Â?3_~1.lnk - "disk3_" in Cyrillic.
The worm modifies the following registry keys:
HKEY_CLASSES_ROOT\comfile\shell\open\command @="LoadCom.Bat %1"
HKEY_CLASSES_ROOT\Drive\shell\open\command @="Drive.Pif %1"
As a result, the worm files (LOADCOM.BAT and DRIVE.PIF) are run when a new drive is accessed and when a DOS COM file is executed. The worm files then run a WINDLL.COM worm copy that drops the infected NEWGAME.COM file onto the A: floppy disk, if one is inserted.
The worm has no payload.
The worm contains the text strings:
[WinWorm_1.0] [WDME 5.0]
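The artifacts listed above (dropped files, the WIN.INI load= entry and the two rewritten shell\open\command handlers) can be checked for together. The following is an added example, not part of the original description: the function names and the sample data are constructed for illustration, and file matching is by name only.

```python
import ntpath

# Indicators taken from the description above; matching is by file name only.
WORM_FILES = {"WINWORM.COM", "WINDLL.COM", "WINSIS.COM", "WW.COM", "WW.DAT",
              "DRIVE.BAT", "LOADCOM.BAT", "COPYFILE.BAT", "DRIVE.PIF", "NEWGAME.COM"}
# File class under HKEY_CLASSES_ROOT -> handler the worm writes to shell\open\command
HIJACKED = {"comfile": "LOADCOM.BAT", "drive": "DRIVE.PIF"}

def base(path):
    """Upper-cased file name of a DOS/Windows path, quotes stripped."""
    return ntpath.basename(path.strip('"')).upper()

def load_entries(win_ini_text):
    """Programs on load=/run= lines of the [windows] section of WIN.INI."""
    section, programs = None, []
    for raw in win_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            # run= is the sibling auto-start key; the page only mentions load=
            if key.strip().lower() in ("load", "run"):
                programs += value.replace(",", " ").split()
    return programs

def scan(win_ini_text, file_paths, open_commands):
    """Return (source, detail) pairs for every WinWorm indicator found."""
    findings = [("win.ini", p) for p in load_entries(win_ini_text) if base(p) in WORM_FILES]
    findings += [("file", p) for p in file_paths if base(p) in WORM_FILES]
    for cls, cmd in open_commands.items():
        tokens = cmd.split()
        if tokens and base(tokens[0]) == HIJACKED.get(cls.lower()):
            findings.append(("registry", f"{cls}: {cmd}"))
    return findings

# Constructed sample data modelling an infected machine.
SAMPLE_INI = "[windows]\nload=WinSis.Com\nrun=\n\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_FILES = [r"C:\WINDOWS\SYSTEM\WINWORM.COM", r"C:\WINDOWS\WINDLL.COM",
                r"C:\WINDOWS\NOTEPAD.EXE", r"C:\WW.DAT"]
SAMPLE_COMMANDS = {"comfile": "LoadCom.Bat %1", "Drive": "Drive.Pif %1",
                   "exefile": '"%1" %*'}

if __name__ == "__main__":
    for source, detail in scan(SAMPLE_INI, SAMPLE_FILES, SAMPLE_COMMANDS):
        print(f"{source:9} {detail}")
```

The registry input is a mapping from file class to the default value of its shell\open\command key, so it can be filled from a registry export as easily as from a live system.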