W32/Tarbit.f

Type: Worm
Size: Varies
System Affected: Windows 2000,XP,NT,....

Characteristics :

1) Creates the following registry keys :


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WINNT\Winlogon\Shell = explorer.exe %system32%\csmm.exe


2) Create the following files :

◊ %root%\nt.bat
◊ %system%\csmm.exe
◊ %system%\sxmm.dll
◊ %Documents and Settings%\Administrator\Favorites\TeraBIT.url
◊ %Documents and Settings%\Administrator\Desktop\TeraBIT.url

When the worn Runs,disable the TaskMabager,Registry,cmd files

Copyright © 1994-2008 Imen Computer Virology Laboratory I.C.V.L .
All Rights Reserved .
Mehran Rayaneh Engineering Co.