Worm.Win32.Feebs

Detect Date 01/11/2006
Class Worm
Platform Win32
Description

Worm.Win32.Feebs.gen is the detection for a number of variants in this family of Internet worms. Worms from the Feebs family spread as an attachment to infected messages and also via file-sharing networks.

Worms from the Feebs family are capable of terminating firewall and antivirus programs.

This “gen” detection will detect a JavaScript component which spreads as an attachment to infected messages. This component downloads an executable copy of the worm from designated servers, saves it to the victim machine, and launches it for execution.

The JavaScript component will also cause a fake Internet page to be displayed, which informs the user that there is no connection available.

If it detects them on the victim machine, the JavaScript component will also delete the following records from the system registry:

[HKLM\System\CurrentControlSet\Services]

"FirePM"
"KmxFile"
"pcipim"
"pcIPPsC"
"RapDrv"
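
The registry deletions listed above can be used as a detection signal. The following is an added example, not part of the original entry: it scans registry audit lines for deletions of those service keys. The log format is a constructed, simplified rendering modelled on Sysmon registry events (Event ID 12, EventType DeleteKey), and the function names and sample lines are hypothetical.

```python
import re

# Service key names listed in this entry as deleted by the JavaScript component.
FEEBS_SERVICE_KEYS = {"firepm", "kmxfile", "pcipim", "pcippsc", "rapdrv"}

# Matches HKLM\System\CurrentControlSet\Services\<name>[\subkey...] and the
# numbered ControlSetNNN trees that CurrentControlSet points to.
SERVICE_PATH = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\System\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Services\\([^\\]+)(?:\\.*)?$",
    re.IGNORECASE,
)

# Constructed sample lines (not from a real incident); the process images
# are placeholders chosen for illustration.
SAMPLE_LOG = r"""
EventType: DeleteKey | Image: C:\Windows\System32\wscript.exe | TargetObject: HKLM\System\CurrentControlSet\Services\FirePM
EventType: CreateKey | Image: C:\Windows\System32\services.exe | TargetObject: HKLM\System\CurrentControlSet\Services\RapDrv
EventType: DeleteKey | Image: C:\Windows\System32\wscript.exe | TargetObject: HKLM\SYSTEM\ControlSet001\Services\pcIPPsC\Parameters
EventType: DeleteKey | Image: C:\Windows\System32\msiexec.exe | TargetObject: HKLM\System\CurrentControlSet\Services\Spooler
EventType: DeleteKey | Image: C:\Windows\System32\wscript.exe | TargetObject: HKLM\Software\RapDrv
"""

def parse_line(line):
    """Split 'Name: value | Name: value' into a dict; blank lines give {}."""
    fields = {}
    for part in line.split(" | "):
        name, sep, value = part.partition(": ")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def find_feebs_deletions(log_text):
    """Return (service_name, image) for each deletion of a listed service key."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event.get("EventType") != "DeleteKey":
            continue  # key creation or other registry activity is not the signal
        match = SERVICE_PATH.match(event.get("TargetObject", ""))
        if match and match.group(1).lower() in FEEBS_SERVICE_KEYS:
            hits.append((match.group(1), event.get("Image", "")))
    return hits

if __name__ == "__main__":
    for service, image in find_feebs_deletions(SAMPLE_LOG):
        print(f"ALERT: service key {service!r} deleted by {image}")
```

A legitimate uninstall of the affected product also deletes its service key, so a hit should be reviewed together with the process that performed the deletion.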