Monday, January 19, 2009

W32/Spybot-DD

W32/Spybot-DD is a peer-to-peer worm and a backdoor Trojan that copies itself into the Windows system folder with the name ntsys32.exe and with a random name, and sets the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Winsock2 driver
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winsock2 driver

The worm creates the folder kazaabackupfiles in the Windows system folder and copies itself into this folder with the following file names:

alcohol 120 all versions crack.exe
clone cd crack all versions.exe
Foxtel austar and Satellite Pay tv hack smart card cloner.exe
Hack any pc program.exe
hack any pop3 email account.exe
illegal britney spears pics before she was 18.exe
Jannet jackson superbowl picks and clips.exe
kazaa hacker sercret codes.exe
kazaa speed booster hack.exe
Microsoft office crack all versions.exe
Naked britney spears undresser great.exe
nero burning rom crack all versions.exe
N-Gage came cloning software
nokia free calls codes all nokias.exe
Pay Tv hacker.exe
porn site password cracker.exe
Real hotmail hacker.exe
Real yahoo mail cracker.exe
Secret mobile phone codes free calls.exe
Secret nokia codes free calls.exe
Virtual sex woman orgasm game.exe
Windows crack and keygen all versions.exe
xp crack and keygen all versions.exe

The worm sets the following registry entry to point to this new folder:

HKCU\Software\Kazaa\LocalContent\Dir0

W32/Spybot-DD can log keypresses and logs on to predefined IRC servers and waits for backdoor commands.
-------------------------------------------------------------------------------------
Please follow the instructions for removing worms.

Change any data that may have become compromised.

You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winsock2 driver

and delete it if it exists.

Each user has a registry area named HKEY_USERS\[code number indicating user]\. For each user locate the entry:

HKU\[code number]\Software\Microsoft\Windows\CurrentVersion\RunOnce\Winsock2 driver

and delete it if it exists.

Close the registry editor and reboot your computer.
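Added example, not part of the original advisory: a Python script that reads the regedit backup exported in the step above and reports the 'Winsock2 driver' Run/RunOnce values and a Kazaa Dir0 share pointing at kazaabackupfiles, so the entries can be confirmed before they are deleted. The sample export, the SID S-1-5-21-1000 and the assumption that Dir0 holds a plain folder path are constructed for illustration; a real export is UTF-16 text, so open it with encoding='utf-16'.

```python
import re

# Persistence values the advisory attributes to W32/Spybot-DD (key below the hive, value name).
RUN_VALUES = [
    (r"Software\Microsoft\Windows\CurrentVersion\Run", "Winsock2 driver"),
    (r"Software\Microsoft\Windows\CurrentVersion\RunOnce", "Winsock2 driver"),
]
KAZAA_KEY, KAZAA_VALUE, SHARE_DIR = r"Software\Kazaa\LocalContent", "Dir0", "kazaabackupfiles"

def parse_reg_export(text: str) -> dict:
    """Parse regedit 'Export Registry File' text into {key: {name: data}}.
    Only string values ("name"="data") are kept; other value types are skipped."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # undo .reg escaping: \\ -> \ and \" -> "
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                keys[current][name] = data
    return keys

def find_spybot_dd_persistence(reg: dict) -> list:
    """Report Run/RunOnce 'Winsock2 driver' values and a Kazaa Dir0 share naming kazaabackupfiles."""
    findings = []
    for key, values in reg.items():
        parts = key.split("\\")
        n = 2 if parts[0] == "HKEY_USERS" else 1   # per-user hives keep their SID in the hive name
        hive, rel = "\\".join(parts[:n]), "\\".join(parts[n:])
        for run_key, name in RUN_VALUES:
            if rel.lower() == run_key.lower() and name in values:
                findings.append(f"{hive}\\{rel}\\{name} = {values[name]}")
        if rel.lower() == KAZAA_KEY.lower() and SHARE_DIR in values.get(KAZAA_VALUE, "").lower():
            findings.append(f"{hive}\\{rel}\\{KAZAA_VALUE} = {values[KAZAA_VALUE]}")
    return findings

# Constructed sample export (not captured from a real infection); the SID is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Winsock2 driver"="C:\\WINDOWS\\system32\\ntsys32.exe"
[HKEY_USERS\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Winsock2 driver"="C:\\WINDOWS\\system32\\ntsys32.exe"
[HKEY_USERS\S-1-5-21-1000\Software\Kazaa\LocalContent]
"Dir0"="C:\\WINDOWS\\system32\\kazaabackupfiles"
'''

if __name__ == "__main__":  # usage on the constructed sample
    print("\n".join(find_spybot_dd_persistence(parse_reg_export(SAMPLE_REG))))
```

For the real backup, pass `open("Backup.reg", encoding="utf-16").read()` to `parse_reg_export` instead of `SAMPLE_REG`.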