Continued Virus Warning: W32/Bereb-B, Troj/Eyeveg-C, W32/Netsky-M

Virus name

Summary

Detail

W32/Bereb-B

W32/Bereb-B is a computer worm that also functions as a Trojan. W32/Bereb-B can listen for commands on specific IRC channels.

Aliases
Worm.P2P.Astaber, Win32/Bereb.C, W32.HLLW.Bereb, WORM_BEREB.B

W32/Bereb-B is a peer-to-peer worm that copies itself into the shared startup folder in the Windows directory under many different names, including:

007 Crack.exe
007 keygen.exe
007.exe
3D Flash Animator v3.7.exe
3D magic Pixel 3D Crack.exe
3D magic Pixel 3D.exe
9 naked girls.exe
ws_ftp.exe
xbox emulator (works !!) .exe
xbox.info.exe.exe
xxx.exe

- To turn the startup folder into a shared folder, W32/Bereb-B adds the following value to the registry:

HKCU\Software\Kazaa\LocalContent\Dir0 = <path to the startup directory>

W32/Bereb-B also copies itself to the Windows directory under the name svckernell.com and creates the following registry entry so that it is activated when the computer starts:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svckernell

- W32/Bereb-B is also a backdoor Trojan that connects to IRC and listens for commands on specific channels.

- W32/Bereb-B creates the file library.dat in the WinMx directory under the Program Files folder. This file is not dangerous and can be deleted.

Troj/Eyeveg-C

Troj/Eyeveg-C is a Trojan that gives attackers access to, and full control over, the infected computer.

- Troj/Eyeveg-C is a password-stealing Trojan that runs on Windows.

- To run automatically every time Windows starts, Troj/Eyeveg-C copies itself to a file with a random name in the Windows system directory and adds registry entries that reference this file.

- Troj/Eyeveg-C also copies itself into the Windows startup folder.

- Troj/Eyeveg-C collects system and password information and sends it to a web site.

W32/Netsky-M

W32/Netsky-M is a mass-mailing worm that replicates itself and spreads to e-mail addresses collected from infected computers.

- W32/Netsky-M is a self-replicating worm that spreads to addresses collected from infected computers.

- W32/Netsky-M copies itself to the Windows directory under the name AVPROTECT9X.EXE. To make sure it is activated when the computer boots, W32/Netsky-M adds the following value to the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\9XHtProtect = AVprotect9x.exe

- W32/Netsky-M collects e-mail addresses from files with the following extensions:

HTML, EML, TXT, PHP, VBS, RTF, UIN, ADB, TBB, DBX, ASP, WAB, DOC, SHT

E-mails sent by W32/Netsky-M have the following characteristics:

Subject line

Re: <recipient_name> Requested file
Re: <recipient_name> My file
Re: <recipient_name> My document
Re: <recipient_name> My information
Re: <recipient_name> My details
Re: <recipient_name> Information
Re: <recipient_name> Improved
Re: <recipient_name> Requested document
Re: <recipient_name> Document
Re: <recipient_name> Details
Re: <recipient_name> Your document
Re: <recipient_name> Your details
Re: <recipient_name> Approved

Message body:

Details for <attached_filename>
Document <attached_filename>
The document has been received. The improved document <attached_filename> is attached.
I have attached your document <attached_filename>
Your document <attached_filename> is attached to this message.
Authenticification for <attached_filename> required.
Requested file <attached_filename>
See the file <attached_filename>
Please read the main message msg_<attached_filename>
Please check the document <attached_filename>
<attached_filename> is attached.
Your file <attached_filename> is attached.
Please read the document <attached_filename>
Your document <attached_filename> is attached.
Please read the attached file <attached_filename>
Please see the attached file <attached_filename> for details.

Attachments (with an extension of ".pif")

<recipient_name>
improved_<recipient_name>
message_<recipient_name>
detailed_<recipient_name>
your_document_<recipient_name>
word_doc_<recipient_name>
doc_<recipient_name>
articel_<recipient_name>
picture_<recipient_name>
file_<recipient_name>
your_file_<recipient_name>
details_<recipient_name>
document_<recipient_name>
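
A mail-gateway style check for the W32/Netsky-M message traits listed above, added here as an example (it is not part of the original advisory). It assumes that <recipient_name> is the local part of the To: address; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject phrases and attachment-name prefixes copied from the lists on this page.
SUBJECT_PHRASES = ["Requested file", "My file", "My document", "My information",
                   "My details", "Information", "Improved", "Requested document",
                   "Document", "Details", "Your document", "Your details", "Approved"]
ATTACH_PREFIXES = ["", "improved_", "message_", "detailed_", "your_document_",
                   "word_doc_", "doc_", "articel_", "picture_", "file_",
                   "your_file_", "details_", "document_"]

def netsky_m_indicators(raw: bytes) -> list:
    """Return the sorted, distinct W32/Netsky-M traits found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    # Assumption: <recipient_name> is the local part of a To: address.
    to = msg["To"]
    names = {a.username.lower() for a in (to.addresses if to else ()) if a.username}
    subject = " ".join(str(msg["Subject"] or "").split())  # normalise whitespace
    phrases = "|".join(map(re.escape, SUBJECT_PHRASES))
    for name in names:
        pattern = r"Re: %s (%s)" % (re.escape(name), phrases)
        if re.fullmatch(pattern, subject, re.IGNORECASE):
            hits.add("subject")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".pif"):
            hits.add("pif-attachment")  # every listed attachment carries .pif
            if any(fname[:-4] == p + n for p in ATTACH_PREFIXES for n in names):
                hits.add("attachment-name")
    return sorted(hits)

def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.org", "alice@example.com", subject
    m.set_content("Your document is attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(netsky_m_indicators(build_sample("Re: alice My details", "details_alice.pif")))
    print(netsky_m_indicators(build_sample("Quarterly report", "report.pdf")))
```

A message that matches all three traits is a strong candidate for quarantine; a lone .pif attachment is worth blocking on its own at most gateways.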
