W32/Downloader.rs

Type: Downloader
Size: 21884 B
Systems Affected: Windows 2000, XP, NT, ...
Also Known As:

Worm.Win32.Delf.ce (Kaspersky), W32/Threat-HLLIN-Slipper-based!Maximus (F-Prot)

Characteristics:

1) Creates the following registry entry:


◊ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\[Random] = %system%\[Random].exe

2) Creates the following files:

◊ %system%\dgvcina.exe
◊ %system%\dcclpai.exe
◊ %system%\meex.com
◊ d:\autorun.inf
◊ e:\autorun.inf
◊ f:\autorun.inf
◊ g:\autorun.inf
◊ h:\autorun.inf
◊ i:\autorun.inf

When the worm runs, it downloads worm files from the following sites:
http://www.webweb.com/TDown۱.exe

 


Copyright © 1994-2008 Imen Computer Virology Laboratory (I.C.V.L.).
All Rights Reserved.
Mehran Rayaneh Engineering Co.