W32/Foova.m

Type: Worm
Size: 16896 Byte
System Affected: Windows 2000,XP,NT,....
Others Known As:

Trojan.Win32.VB.akx (Kaspersky)

Characteristics :

1) Creates the following registry keys :


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Matri-x27 = FooVA.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Matri-x27 = FooVA.EXE


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\Matri-x27 = FooVA.EXE


2) Create the following files :

◊ %root%\FooVA.exe

This worm hides the processes of taskmanager.

Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L .
All Rights Reserved .
Mehran Rayaneh Engineering Co.