Detect Date | 01/22/2010 |
Class | Virus |
Platform | Win32 |
Description |
Once launched, the virus writes its code to the “explorer.exe” address space. The infected process then searches for all files with an .exe extension and appends the virus code to all files found. Folders with the names listed below will not be scanned for files: QQ
Windows WINNT Local SettingsTemp The files listed below will not be infected: wooolcfg.exe
woool.exe ztconfig.exe patchupdate.exe trojankiller.exe xy2player.exe flyff.exe xy2.exe au_unins_web.exe cabal.exe cabalmain9x.exe cabalmain.exe meteor.exe patcher.exe mjonline.exe config.exe zuonline.exe userpic.exe main.exe dk2.exe autoupdate.exe dbfsupdate.exe asktao.exe sealspeed.exe xlqy2.exe game.exe wb-service.exe nbt-dragonraja2006.exe dragonraja.exe mhclient-connect.exe hs.exe mts.exe gc.exe zfs.exe neuz.exe maplestory.exe nsstarter.exe nmcosrv.exe ca.exe nmservice.exe kartrider.exe audition.exe zhengtu.exe The virus is also able to download other malicious programs to the victim machine; these are programs which are designed to steal online game passwords. In order to do this, the virus sends a request which contains the victim machine’s parameters to the following links (at the time of writing, these links were not active): http://message.microsofte.in/counter.asp?action*****
http://imrw0rldwide.com/DL/counter.asp?action*****
|
Find out the statistics of the threats spreading in your region |