Alias: Worm/Deloder
Type: Worm
Size: 745,984 bytes
Origin: unknown
Date: 03-09-2003
Damage:
VDF Version: 6.18.00.xx
Danger: Medium
Distribution: Medium

General Description
Worm/Deloder spreads over Windows networks on port 445 and tries to log on as administrator using 85 passwords.

Symptoms
Unusually increased traffic on TCP port 445.

Distribution
Windows networks

Technical Details
Worm/Deloder (745,984 bytes) spreads over Windows networks via port 445. It tries to log on as administrator of the remote system using a list of 85 passwords:

* 0
* 000000
* 00000000
* 007
* 1
* 110
* 111
* 111111
* 11111111
* 12
* 121212
* 123
* 123123
* 1234
* 12345
* 123456
* 1234567
* 12345678
* 123456789
* 1234qwer
* 123abc
* 123asd
* 123qwe
* 2002
* 2003
* 2600
* 54321
* 654321
* 88888888
* a
* aaa
* abc
* abc123
* abcd
* Admin
* admin
* admin123
* administrator
* alpha
* asdf
* computer
* database
* enable
* foobar
* god
* godblessyou
* home
* ihavenopass
* Internet
* Login
* login
* love
* mypass
* mypass123
* mypc
* mypc123
* oracle
* owner
* pass
* passwd
* Password
* password
* pat
* patrick
* pc
* pw
* pw123
* pwd
* qwer
* root
* secret
* server
* sex
* super
* sybase
* temp
* temp123
* test
* test123
* win
* xp
* xxx
* yxcv
* zxcv

Once the worm is logged on to the remote system, it copies itself as:

* C:/WINDOWS/Start Menu/Programs/Startup/INST.EXE
* C:/WINNT/All Users/Start Menu/Programs/Startup/INST.EXE
* C:/Documents and Settings/All Users/Start Menu/Programs/Startup/INST.EXE

and it is activated automatically at the next system start. It creates the file DVLDR32.EXE and the registry entry:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
messnger = %WurmPfad%/Devldr32.exe

The worm drops the file PSEXEC.EXE in the same folder. This file belongs to a Sysinternals network tool and causes no damage. Worm/Deloder tries to download a backdoor program from the Internet and saves it in the file RUNDLL32.EXE in Windows.
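
A check for the artifacts listed above, as an added example that is not part of the original description or of any Avira tool. It assumes a file listing and a regedit-style text export of the registry as input; the function names, the sample paths and the sample export are constructed for illustration.

```python
import re

# Indicators taken from the description above (compared case-insensitively).
STARTUP_DROPS = {
    "c:/windows/start menu/programs/startup/inst.exe",
    "c:/winnt/all users/start menu/programs/startup/inst.exe",
    "c:/documents and settings/all users/start menu/programs/startup/inst.exe",
}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUE = "messnger"
RUN_TARGETS = ("devldr32.exe", "dvldr32.exe")  # the page spells it both ways

def norm(path):
    """Lower-case and use forward slashes so both path styles compare equal."""
    return path.strip().replace("\\", "/").lower()

def scan_files(paths):
    """Return the paths that match one of the Startup-folder copies."""
    return [p for p in paths if norm(p) in STARTUP_DROPS]

def scan_reg_export(text):
    """Return (value name, data) pairs under the Run key that match the entry."""
    hits, in_run = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):  # key header: track whether we are in Run
            in_run = line.strip("[]").lower() == RUN_KEY
            continue
        m = re.match(r'"(.*?)"\s*=\s*"(.*)"$', line)
        if not (in_run and m):
            continue
        name, data = m.group(1), m.group(2).replace("\\\\", "\\")
        if name.lower() == RUN_VALUE or norm(data).endswith(RUN_TARGETS):
            hits.append((name, data))
    return hits

# Constructed sample input, not taken from a real host.
SAMPLE_FILES = [
    r"C:\WINNT\All Users\Start Menu\Programs\Startup\INST.EXE",
    r"C:\WINNT\system32\notepad.exe",
]
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"messnger"="C:\\WINNT\\system32\\Devldr32.exe"
"SoundMan"="C:\\WINNT\\soundman.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"messnger"="C:\\x.exe"
'''
```

PSEXEC.EXE is left out of the match list on purpose: as the description notes, it is a legitimate Sysinternals tool, so its presence alone is not an indicator.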
Description added by Crony Walker on Tuesday, June 15, 2004
