Alias: Dnet.Dropper, W32/MsInit.worm.a [McAfee], Worm.Bymer.a [Kaspersky], TROJ_MSINIT.A [Trend], WORM_BYMER.A [Trend], W32/Bymer-A [Sophos], Win32.Bymer.A [Computer Associates], W32.HLLW.Bymer
Type: Worm
Size: variable
Origin:
Date: 01-01-2003
Damage: Spreads on Intranet / Internet over shared drives
VDF Version: 6.xx.xx.xx
Danger: Low
Distribution: High

Distribution
It searches for IP addresses of systems that have shared C:\ drives or Windows directories and copies itself onto them.

Technical Details
TR/Worm.RC5.WinInit is a high-level language worm (HLLW).
There are currently two versions of the worm: the first comes as a Wininit.exe file, the second as Msinit.exe. Both have the same functionality; their routines differ slightly. Wininit.exe comes together with the Dnetc Client, while Msinit.exe can only copy it. This is why the size of the worm file can be around 22KB or 220KB. All the received samples were packed with UPX and their sizes vary a little.
As both versions have similar functionality, the following information applies to both of them.
When the worm is activated for the first time, it modifies one of the following registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

This activates the worm when the computer starts.
It then immediately tries to spread, searching for IP addresses with shared drives. When it finds a shared drive, it checks for access to the Windows directory. If access is achieved, the worm goes to the Windows directory and modifies the Load= line in the Win.ini file. This guarantees that the worm is activated when the computer starts.
Then, depending on the worm version, the Dnetc Client is copied or inserted.
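A check for the Win.ini persistence described above, as an added example that is not part of the original description: it reads the Load= line of the [windows] section and flags entries named Wininit.exe or Msinit.exe. The sample file content is constructed, covering the sibling run= key is an addition, and paths are assumed to contain no spaces.

```python
import ntpath

# File names the description gives for the two worm versions.
# Wininit.exe is also the name of a legitimate Windows component, so a
# match on name alone is a lead to investigate, not a verdict.
WORM_NAMES = {"wininit.exe", "msinit.exe"}

# load= is the key named in the description; run= is the sibling
# autostart key in the same section (added here as an assumption).
AUTOSTART_KEYS = ("load", "run")

# Constructed sample of a modified Win.ini (not taken from a real system).
SAMPLE_WIN_INI = """\
[windows]
; constructed sample
load=c:\\windows\\msinit.exe
run=
NullPort=None

[Desktop]
load=wininit.exe
"""

def win_ini_autostart(text):
    """Return programs listed on load=/run= lines of the [windows] section."""
    section, programs = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "windows" and sep and key.strip().lower() in AUTOSTART_KEYS:
            # Entries are separated by spaces or commas.
            programs += value.replace(",", " ").split()
    return programs

def suspicious_entries(text):
    """Autostart entries whose base file name matches a worm file name."""
    return [p for p in win_ini_autostart(text)
            if ntpath.basename(p).lower() in WORM_NAMES]

if __name__ == "__main__":
    for entry in suspicious_entries(SAMPLE_WIN_INI):
        print("review autostart entry:", entry)
```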
Description added by Crony Walker on Tuesday, June 15, 2004
