Home > General > Worm_vote.k


Worm_vote.k Discussion in 'Virus & Other Malware Removal' started by ladyjeweler, Sep 10, 2003. Displays a messagebox: WORLD TRADE CENTER WE WILL ALWAYS REMEMBER THOSE LOST SOULS... This malicious script file DCC sends the Operate_Me.co_ file to all users connected to the same IRC channel as the infected host. Nedlastinger Partnere Om oss Norge Logg inn Kjøp nå Trend Micro produkter Velg: Produkter for forbrukere Produkter for SMB Produkter for storbe drifter Finn en forhandler Velg: Gratis prøveversjoner Få gratis More about the author

Jeannie ladyjeweler, Sep 11, 2003 #3 This thread has been Locked and is not open to further replies. Then, delete all files detected as ADW_FASTLOOK.A. REMEMBER OUR LOST SOULS ! Populære produkter: Worry-Free Advanced OfficeScan Deep Security Endepunktkryptering Søk:Submit Home>Security Intelligence>Threat Encyclopedia>Search Search Security IntelligenceSecurity NewsBusiness SecurityHome & Office SecurityCurrent Threat ActivityThreat Intelligence CenterDeep WebTargeted Attacks Enterprise Security Securing ICS

THERE IS ONE BUILDING UP RIGHT NOW Let's Unite In This Horrible Kaos. %Email address%... Contact Support F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site. For example, if it deletes a file named SONG.WAV, it creates a copy of itself as SONG.WAV.EXE.

  • The worm creates this folder but fails to save any files there.
  • Buy Home Office Online Store Renew Online Business Find a Partner Contact Us 1-877-218-7353 (M-F 8am - 5pm CST) Small Business Small Business Online Store Renew Online Find a Partner Contact
  • DIAL_PORNAF.417 ...able to terminate the grayware process as described in the previous procedure, restart your system.
  • Staff Online Now TerryNet Moderator Noyb Trusted Advisor Advertisement Tech Support Guy Home Forums > Security & Malware Removal > Virus & Other Malware Removal > Home Forums Forums Quick Links
  • Share the knowledge on our free discussion forum.
  • WE COUNT ON YOU ! %Email address% Greetings, World War Veterans.
  • Creates a startup key in the Registry: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "W32Tc" = "c:\Windows\WTC32.scr" 2.
  • It deletes several files and replaces .EXE files with a copy of itself.
  • The Internet has been host to many different medias for expressing thoughts and getting information about the attacks on the World Trade Center and the Pentagon.
  • Changes the Product Name (Windows name) to: w32.hllw.I-Worm.WTC.03 3.

These alerts document threats that are active in the wild and provide SenderBase RuleIDs for mitigations; sample email messages; and names, sizes, and MD5 hashes of files. However the worm failed to create such a file during our tests. 5. Email Propagation This worm uses Microsoft Outlook to send copies of itself to all recipients found in the system's Outlook address book. This file is responsible for setting the C:\WINDOWS\SYSTM32 folder as one of the shared folders used by the Kazaa peer-to-peer application.

The email has the following details: Subject: %Email address%. %s% THE WAR WILL BE ON FOREVER! In the Named... In the left panel, double click the following: HKEY_LOCAL_MACHINE>Software>Microsoft> Windows>CurrentVersion>Run In the right panel, locate and delete the entry or entries whose data value is the malware path and file name I WAS FUCKING THE STATUE OF LIBERTY WHILE BUSH WAS FUCKING HIS GRANDMA BILL CLINTON WAS SUCKING MY DICK DURING THE BOMBING LORENA, MY SISTER FUCKED ME BEFORE SHE SUCKED BILL

Firewall filtering of hazardous e-mail attachments can prevent the distribution of these worms before they reach internal systems.Patches/Fixed SoftwareThe AVP Virus Description forI-Worm.Vote,I-Worm.Vote.band I-Worm.Vote.c is available at the following link: Virus Attachments: WTC32.SCR WTC32.DLL %Email address% is the the email address of the recipient and %s% can be any of the following text strings: NOW OUR MISSION: DEATH ? Other Internet users can use HouseCall, Trend Micro�s free online virus scanner. Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network, small and medium business, mobile device or home PC.

Featured Stories RansomwareBusiness Email CompromiseDeep WebData

DAT files4164 and later are available at the following link: McAfee The McAfee Virus Description for W32/[email protected] is available at the following link: Virus Description. Click the �Reset Web Settings�� button. The latest virus definitions are available at the following link: Symantec The Symantec Security Response for [email protected] available at the following link:Security Response. or Find..., depending on the version of Windows you are running.

THE WORLD WAR THREE WAS HERE ! http://midsolutions.org/general/worm-gruel-h.html Deleting Grayware File/Link Right-click Start then click Search... Upon execution, it creates a toolbar... THE WORLD WAR THREE IS HERE !

All rights reserved. 百度首页 新闻 网页 贴吧 知道 音乐 图片 视频 地图 百科 文库 进入词条搜索词条帮助 关闭 声明:百科词条人人可编辑,词条创建和修改均免费,绝不存在官方及代理商付费代编,请勿上当受骗。详情>> 首页 分类 艺术 科学 自然 文化 地理 生活 社会 人物 经济 体育 历史 特色百科 By design it should have saved there the following files: 18_Britney_Sucking_Sex_ Teen_Pussy_Hardcore_Sex_ XXX_Christina_Celebrities_Pamela_Sex_Screensaver_ XXX_Teens_Hot_Gauge_Aria_Jennifer_Sex_Screensaver_ F*cking_Hot_Horny_Screensaver_ Orgy_Incest_Illegal_Sex_ These files would have had the following extensions: .jpg.scr .mpg.scr .avi.scr 7. Many administrators block attachments with the .exe file extension because it is known as a potentially hazardous type of file. click site First, you'll have to convert it to a .com file then walk it and become a channel operator instantly...

Hvor kjøper du? This is not the first worm that references the September 11 anniversary. [email protected] contains no new features or payloads and seems to be a combination of the previous two worms. 2001-September-27 17:06 GMT 1 Version 4, September 26, 2001; 06:14 PM: Additional information

Creates HTML 'shadow' files for every AI, PSD, TXT, PIF, DOC and RTF file.

mIRC and ICQ. It does this by adding or modifying the following registry entry: HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\Main Start Page = "c:\Windows\WTC32.scr" Furthermore, its dropped component BAT_VOTE.K overwrites WIN.INI and SYSTEM.INI files in the Windows Click Start>Settings>Control Panel. In the list of running programs*, locate the malware file or files detected earlier.

The infected users Internet home page is sent to the site that attempts to download the trojan. It runs on Windows 95, 98, ME, NT, 2000, and XP. AUTOSTART.BAT, in turn, drops the following copies of itself: C:\suPs\YYYBP.BAT C:\Autorun.bak C:\Windows\Startm~1\Programs\StartUp\CNIAD.BAT C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NTFS.BAT It also drops a text file, C:\WTC.TXT, which contains the following string: You Are navigate to this website Version 1 September 24, 2001; 03:12 PM: [email protected] is a mass-mailing worm that has been reported in the wild.

This malicious HTML file contains a link with the following message: Welcome... Protection has been included in virus definitions for Intelligent Updater and LiveUpdate since September 26, 2001. WAR MEMOIRS FROM IRAQ ! This may also be downloaded to the system through a malicious script in a...

Central Command can be updated using the Internet Updater feature. The batch file component overwrites the WIN.INI file with the following lines: [windows] load=C:\WINDOWS\system\WINI.bat run=C:\WINDOWS\system\WINI.bat NullPort=None It overwrites SYSTEM.INI with the following lines: [boot] shell=explorer.exe C:\WINDOWS\pbbgt.bat After this is accomplished, the Propagation via KaZaA To propagate via KaZaA, this worm first drops a copy of itself using the following file names in the C:\Windows\System32 folder: 18_Britney_Sucking_Sex.scr Teen_Pussy_Hardcore_Sex.scr XXX_Christina_Celebrities_Pamela_Sex_Screensaver.scr XXX_Teens_Hot_Gauge_Aria_Jennifer_Sex_Screensaver.scr Fucking_Hot_Horny_Screensaver.scr Orgy_Incest_Illegal_Sex.scr Next, THE WORLD WAR THREE IS HERE !

The worms overwrite the autoexec.bat file so that it contains a command that formats the C:\ drive when the system is started. Fight For Us....!!! ...And Let Us Remember Those Lost Souls ! DIAL_PORNAF.402 ...able to terminate the grayware process as described in the previous procedure, restart your system. Download the latest scan engine here.