|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 %system%\regedit.exe - Dangerous
This worm spreads via the Internet, using computers infected by I-Worm.Mydoom.a and I-Worm.Mydoom.b to propagate. Copies itself to: %system%\regedit.exe Adds the value: NeroCheck = %system%\regedit.exe to registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run The worm creates the unique identifier _sncZZmtx_133 to show its presence in memory. The worm connects to TCP port 3127, which has been opened by shimgapi.dll, the backdoor component of Mydoom, to receive commands. If the infected computer answers the command, then Doomjuice establishes a connection and sends a copy of itself. The backdoor component of Mydoom accepts the file and executes it. To determine which IP addresses to attack, the worm uses the following formula: (A.B.C.D) where A,B,C,D is a random numbers. If the current date is not between the 8th and the 12th of the month and it's not January the worm will launch a DoS attack on the www.microsoft.com site. With RegRun Startup Optimizer you can automatical remove it from startup. Removal: %system%\regedit.exe is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: May 12 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
