hpprint.exe - Dangerous
hpprint.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Deletes the following local shares: $ipc; $admin; $c; $d
Opens a backdoor by connecting to an IRC channel on the latina.a.la domain using TCP port 6667.
The worm will listen for commands that allow the remote attacker to perform the following actions:
- Download and execute files.
- Scan the network for servers running back door Trojan horses.
- List, stop, and start processes.
- Launch Denial of Service (DoS) attacks.
- Steal system information and send it to the attacker.
- Perform port redirection.
- Start a socks 4 or socks 5 proxy.
Scans for computers and tries to exploit one of the following vulnerabilities:
- The Microsoft Windows Local Security Authority Service Remote Buffer Overflow
- The UPnP NOTIFY Buffer Overflow Vulnerability
Steals passwords and CD keys for the different games and steals user IDs for some software.
Use RegRun Startup Optimizer to remove this worm.