Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:
Type:Worm 
Size:25.088 Bytes 
Origin: 
Date:12-01-2000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:High 

DistributionIt searches all traffic on the network or Internet for email addresses. The email has the following structure:

From: Hahaha %hahaha@sexyfun.net%

Subject: Snowhite and the Seven Dwarfs ? The REAL story Branca de Neve prono! Enanito si, pero con Sque pedazo Les 7 coquir nains

Body: Today, Snowhite was turning 18. The 7 Drawfs always where very educated and polite with Snowwhite. When thy go out work at mornign, they promissed a ..... C? etait un jour avant son dix huitiem anniversaire. Les 7 nains, qui avaient aid ?blanche neige? toutes ves annes aprs qu?elle se soit enfuit.....

Attachment: sexy virgins.scr joke.exe atchim.exe dunga.scr midgets.exe blancheneige.exe enano.exe enano porno.exe blanca de nieve.scr enanito fisgon.exe sexynain.scr blanche.scr nains.exe branca de neve.scr ano pron.scr famous.exe celebrity rape.exe leather.exe sex.exe hottest.exe cum.exe cumshot.exe Anna.exe Raquel Darian.exe Xena.exe Xuxa.exe Suzete.exe horny.exe anal.exe gay.exe oral.exe pleasure.exe sexy.exe hot.exe asian.exe lesbians.exe teens.exe virgins.exe boys.exe girls.exe messy.exe kinky.exe fist-fucking.exe amateurs.exe cheerleader.exe SM.exe sado.exe suck.exe orgy.exe black.exe blonde.exe sodomized.exe hardcore.exe slut.exe doggy.exe

Technical DetailsIf Windows uses WSOCK32.DLL and the worm can not change it, it makes a copy of the file, modifies the copy and using WININIT.INI, it will cause the replacement of the original with the altered file by the next system start.


Next, the worm creates a random file in Windows directory, containing its code and makes the registry entries: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]{Default} = %WinDIR%\WormName

If WSOCK32.DLL is infected, the worm searches the network and the Internet through it. HYBRIS is known to have converted its own Plugins to send itself to the server.
Açıklamayı yerleştiren Crony Walker tarihinde 15 Haziran 2004 Salı

Geri . . . .
https:// Bu pencere güvenlik amacıyla şifrelenmiştir.