English
Russian
Japanese
LatAm
Türkiye
Brasil
France
Český
Deutschland
P2P-Worm.Win32.Franvir
| Class | P2P-Worm |
| Platform | Win32 |
| Description |
Technical DetailsThis worm spreads via file-sharing networks. The worm itself is a Windows PE EXE file approximately 1274KB in size. InstallationOnce launched, the worm causes the following error message to be displayed:  On repeated launched, the worm will cause the error message below to be displayed:  When installing, the worm copies itself to the Windows root directory as “microsoftscanreg.exe”: %Windir%microsoftscanreg.exe It then registers this file in the system directory, ensuring that the worm will be launched each time Windows is rebooted on the victim machine: [HKLMSoftwareMicrosoftWindowsCurrentVersionRun] "Microsoft Scanreg" = "%Windir%microsoftscanreg.exe" Propagation via P2PThe worm checks to see if Kazaa is installed on the victim machine, and creates the following folder: %Windir%scanregfilekazaaMy Shared Folder The worm then copies itself to this folder under the following names: Age Of Mythology FR CRACK.exe Alcatraz Fr Crack.exe Allopass + audiotel Keygen 2003.exe Arx Fatalis FR CRACK.exe Battlefield 1942 FR Crack.exe Clone CD 5 keygen.exe Delphi 5 fr crack keygen.exe Delphi 6 fr crack keygen.exe Delphi 7 fr crack keygen.exe Dreamweaver MX keygen + crack by orran.exe Fire-Works MX keygen + crack by orran.exe Flash MX keygen + crack by orran.exe Madden NFL 2003 FR CRACK.exe Mafia Fr Nocd.exe Medieval Total War Fr Crack.exe Mega-Serial Microsoft Macromedia Borland Photoshop.exe Nero FR 6 keygen + crack.exe No One Lives Forever 2 FR CRACK.exe Office XP fr Activation crack keygen.exe Photoshop FR 7 keygen + crack by orran.exe Sim City 4 FR Crack by zorio.exe Unreal 2003 Fr Nocd.exe Visual Basic fr 6.00 crack keygen.exe Visual fr c++ crack keygen.exe Visual.net fr Activation keygen crack.exe Winace fr 4 keygen crack.exe Windows XP Activation fr home Pro keygen 2003.exe Windows XP fr home et pro SP1 crack.exe Winrar fr 3.X keygen.exe Winzip fr 8.X keygen crack.exe The worm modifies the configuration of Kazaa in the system registry so the resources which are shared by default will include the folder created by the worm: [HKCUSoftwareKazaaLocalContent] "DownloadDir" = "%Windir%scanregfilekazaaMy Shared Folder" This means that other Kazaa users will be able to access these files. |