flashmovie.exe - Dangerous

%sysdir%\flashmovie.exe

Manual removal instructions:

%sysdir%\flashmovie.exe
%Startup%\ShockWave.exe (or FlashMovie) is the W32.HLLW.Dormin.A@mm mass-mailing worm.
When the ShockWave.exe worm runs, it displays the fake error message, "MacroMedia Shockwave Flash is not installed!"
It copies itself as the following files:
* %Startup%\ShockWave.exe
* %System%\FlashMovie.exe
* %System%\Jdbgmgr.exe
* %mIRC%\FlashMovie.ex_
* %Pirch32%\FlashMovie.ex_
* %KaZaA%\Virtual Sex Simulator.exe
* %KaZaA%\Shockwave Flash.exe
* %KaZaA%\SWF_Movie.exe
* %KaZaA%\FlashMovie.exe
* %KaZaA%\XXX video.exe
* %KaZaA%\Cat attacks child.exe
* %KaZaA%\SWF.exe
* %KaZaA%\Comedy video.exe
* %KaZaA%\Simpsons Episode (#[Number calculated from current time]).exe
* %KaZaA%\Tutorial Video on Hacking.exe
* %KaZaA%\MacroMedia Flash 6.0.exe
* %KaZaA%\[SWF] - The Fast and the Furious.exe
* %KaZaA%\[SWF] - Swordfish.exe
* %KaZaA%\[SWF] - Harry Potter and the philosophers stone.exe
* %KaZaA%\[SWF] - Jurassic Park 3.exe
It adds the registry values:
Nimrod_Keyboard Rundll32.exe Keyboard,Disable
Nimrod_Mouse Rundll32.exe Mouse,Disable
to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
to disable the mouse and keyboard when you start Windows.
It works with Windows 9X/Me only.
ShockWave sends e-mails with the attachment FlashMovie.exe.