


 
I-Worm.Newbier Viruses Information

Name: I-Worm.Newbier
Category: Viruses
Description: Details
I-Worm.Newbiero

Newbiero is a worm virus spreading through local area networks. This worm has a backdoor routine that allows a 'master' (the person controlling the worm) to monitor infected machines.
The worm itself is a Windows PE EXE file about 160Kb in size, written in Microsoft Visual C++.
When run, the worm installs itself into the system, copies itself to the Windows system directory with a random name (for example, AGCMJL.EXE or CBICAR.EXE) and registers this file in the system registry auto-run key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft Diagnostic = %worm random EXE name%
Newbiero then deletes its original EXE file (from where it was run).
The worm also creates the MSSE.INI file in the Windows system directory and uses this file as an infection flag while spreading through the local area network.
Spreading
To infect the local network, the worm scans local network IP addresses and tries to connect to machines it finds by mapping the hard drives. If a successful connection occurs, the worm copies itself to the hard drive with the name:
WINDOWS\Start Menu\Programs\StartUp\mssg.exe
If Windows is installed in a directory with a different name, the infection procedure fails to spread the worm.
Backdoor
The backdoor routine provides remote control to:

download to the infected machine other EXE files and run them
run local EXE files
exit Windows, reboot the machine, logoff users
perform DoS (Denial of Service) attacks, thus the worm has DDoS ability
report RAS information from the affected machine (logins and passwords)
Additional Information
The worm tries to terminate the following firewalls:
Sygate Personal Firewall
Tiny Personal Firewall
ZoneAlarm Pro
ZoneAlarm
If the "c:\logging.ini" file contains any content the worm creates .log files where it writes different reports about its actions. Such .log files are:

c:\logs\misc.log
c:\logs\IPreport.log
c:\logs\ips.log
c:\logs\recived.log
c:\logs\yey.ini
c:\logs\scan.log
c:\logs\infections.log
c:\logs\servmsg.log
c:\logs\Fetchreport.log
c:\logs\opt.abc
c:\logs\abc.cba
c:\online.log
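
A host-triage check built from the indicators listed above, added here as an illustration and not part of the original description. The function names, the input shapes (an exported dict of HKLM Run values and a file listing) and the system/system32 folder names are assumptions; the sample data is constructed.

```python
import ntpath
import re

# Indicators taken from the description above.
RUN_VALUE = "microsoft diagnostic"
FLAG_FILE = "msse.ini"
STARTUP_DROP = r"\start menu\programs\startup\mssg.exe"
ROOT_LOG = r"c:\online.log"
LOG_DIR = r"c:\logs"
LOG_NAMES = {"misc.log", "ipreport.log", "ips.log", "recived.log", "yey.ini",
             "scan.log", "infections.log", "servmsg.log", "fetchreport.log",
             "opt.abc", "abc.cba"}
# Assumption: "Windows system directory" means a system or system32 folder.
SYSDIR = re.compile(r"\\(system|system32)$")


def norm(path):
    """Strip quotes, use backslashes and lower-case so comparisons are stable."""
    return ntpath.normpath(path.strip().strip('"').replace("/", "\\")).lower()


def check_host(run_values, files):
    """Return sorted findings.

    run_values: dict of HKLM Run value name -> data; files: iterable of paths.
    """
    findings = set()
    for name, data in run_values.items():
        # The EXE name is random, so match on the fixed value name instead.
        if name.strip().lower() == RUN_VALUE:
            findings.add("run-key: " + norm(data))
    for raw in files:
        p = norm(raw)
        folder, leaf = ntpath.split(p)
        if leaf == FLAG_FILE and SYSDIR.search(folder):
            findings.add("infection-flag: " + p)
        elif p.endswith(STARTUP_DROP):
            findings.add("startup-copy: " + p)
        elif p == ROOT_LOG or (folder == LOG_DIR and leaf in LOG_NAMES):
            findings.add("worm-log: " + p)
    return sorted(findings)


# Constructed sample triage data (not from a real host).
SAMPLE_RUN = {"Microsoft Diagnostic": r"C:\WINDOWS\system32\AGCMJL.EXE",
              "SoundDriver": r"C:\Program Files\Audio\snd.exe"}
SAMPLE_FILES = [r"C:\WINDOWS\system32\MSSE.INI", r"c:\logs\scan.log",
                r"C:\WINDOWS\Start Menu\Programs\StartUp\mssg.exe",
                r"C:\Users\a\notes\misc.log"]

if __name__ == "__main__":
    print("\n".join(check_host(SAMPLE_RUN, SAMPLE_FILES)))
```

A log file name outside c:\logs, such as the last sample path, is deliberately not flagged, since names like misc.log are common on clean systems.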





 


© 2006-2008 spyware32.com - Privacy Policy