remove MSN virus images.zip winlog32.exe
Virus Name: IM-Worm.Win32.Agent.f (Kaspersky)
Virus Alias: Backdoor.Win32.Jusi.ab (Rising)
Virus Size: 40,960 bytes
sample MD5: fc5415dc9054ee0934e3ff3e587de444
sample SHA1: c48246a83290fa05ae8362c1d30c0dff98281cf4
first found: 2007.7
updated: 2007.7
mode of transmission: through MSN Communication
variants:
MSN transmitted virus Backdoor.Win32.IRCBot.acd solution
spread through MSN IRCBot photo album.zip rdshost.dll solution
MSN virus firewallav.dll printers.exe solution
This MSN virus variant differs from earlier ones in the files it generates and in its startup entry: it does not drop a DLL. After running, the virus creates in the system directory a ZIP archive that contains a copy of itself:
%Windows%\images.zip
The file inside the archive is named IMG followed by digits, with the extension .pif, such as IMG34814.pif.
It also creates a copy of itself:
%Windows%\winlog32.exe
and creates a startup entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@echo off
net stop
It sends the infected archive %Windows%\images.zip to MSN contacts with one of these messages:
LOL, you look so ugly in this picture, no joke ...
Should I put this on facebook / myspace?
Hey m8, who is this on the right, in this picture ...
Sup, seen the pictures from the other night?
When a contact receives the archive and opens the file in it, that contact's system is infected by the virus.
The virus tries to connect to a remote IRC server to receive commands from a remote attacker: down.basecore.info
Mutex: ahfabbg
1. Remove the virus startup items (Start menu - Run - enter ; winlog32.exe ):
%Windows%\images.zip
%Windows%\winlog32.exe
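To check a machine or a mounted disk image for the files described above, the following added example (not part of the original write-up) scans a Windows directory for winlog32.exe and images.zip and compares them with the indicators listed on this page. It assumes winlog32.exe is a byte-identical copy of the listed sample; the function names are hypothetical.

```python
import hashlib
import os
import re
import zipfile

# Indicators copied from this page; winlog32.exe is assumed to be an exact copy of the sample.
SAMPLE_MD5 = "fc5415dc9054ee0934e3ff3e587de444"
SAMPLE_SHA1 = "c48246a83290fa05ae8362c1d30c0dff98281cf4"
SAMPLE_SIZE = 40960
PIF_NAME = re.compile(r"IMG\d+\.pif", re.IGNORECASE)  # e.g. IMG34814.pif


def file_hashes(path):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()


def scan_windows_dir(windir):
    """Return (file, finding) pairs for the worm's files under a Windows directory."""
    findings = []
    exe = os.path.join(windir, "winlog32.exe")
    if os.path.isfile(exe):
        md5, sha1 = file_hashes(exe)
        if md5 == SAMPLE_MD5 and sha1 == SAMPLE_SHA1:
            findings.append(("winlog32.exe", "hash matches listed sample"))
        elif os.path.getsize(exe) == SAMPLE_SIZE:
            findings.append(("winlog32.exe", "size matches, hash differs"))
        else:
            findings.append(("winlog32.exe", "name matches only"))
    archive = os.path.join(windir, "images.zip")
    if os.path.isfile(archive):
        try:
            with zipfile.ZipFile(archive) as zf:
                names = [n for n in zf.namelist() if PIF_NAME.fullmatch(os.path.basename(n))]
        except zipfile.BadZipFile:
            names = None
        if names is None:
            findings.append(("images.zip", "present but not a readable ZIP"))
        elif names:
            findings.append(("images.zip", "contains " + ", ".join(names)))
        else:
            findings.append(("images.zip", "present, no IMG<digits>.pif entry"))
    return findings
```

Call `scan_windows_dir(r"C:\Windows")` on a live system, or pass the Windows directory of a mounted image. The Run key entry still has to be checked separately.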