Infoweb 2000 di Ribaudo Grazia servizi internet servizi web consulenza e servizi marketing servizi grafici news servizi infoweb 2000 area clienti Infoweb 2000
[news infoweb 2000]  [bollettino virus]  [educazione al web]  [netiquette]  [glossario]  [faq]  [linkexchange]  [home]
Sviluppo applicazioni web in cfml 09-03-08
ACQUISIZIONI 2008 - CIVICO MUSEO PARISI-VALLE
Inaugurazione domenica 9 marzo ore 17.30. Grazia Ribaudo tra gli artisti acquisiti nel 2008 dal Civico Museo Parisi-Valle di Maccagno (VA).

01-09-04 - Worm/Bagle.AN

BASSO Alias: W32/Bagle.AN
  Tipo: Trojan Downloader
  Dimensione: 18.436 bytes
  Piattaforma: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP, Windows Server 2003
     
  Descrizione: Worm/Bagle.AN is an Internet worm that sends itself to other recipients by locating email addresses on the local disk.

The email will have the following email characterisitics:

Subject: foto
Body: foto
Attachment: foto.zip or fotos.zip

It also drops copies of itself to folders containing the string "shar". Those dropped files have the following file names:

- ACDSee 9.exe
- Adobe Photoshop 9 full.exe
- Ahead Nero 7.exe
- Kaspersky Antivirus 5.0
- KAV 5.0
- Matrix 3 Revolution English Subtitles.exe
- Microsoft Office 2003 Crack, Working!.exe
- Microsoft Office XP working Crack, Keygen.exe
- Microsoft Windows XP, WinXP Crack, working Keygen.exe
- Opera 8 New!.exe
- Porno pics arhive, xxx.exe
- Porno Screensaver.scr
- Porno, sex, oral, anal cool, awesome!!.exe
- Serials.txt.exe
- WinAmp 5 Pro Keygen Crack Update.exe
- WinAmp 6 New!.exe
- Windown Longhorn Beta Leak.exe
- Windows Sourcecode update.doc.exe
- XXX hardcore images.exe

If executed, it copies itself in the System directory under the filenames "windll.exe", "windll.exeopenopen", "windll.exeopen".

In order to get executed each time Windows is restarted, the following registry keys are added:

- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"erthgdr"="C:\\WINDOWS\\System32\\windll.exe"

It also deletes the following registry keys:

- HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"My AV" in key "
"Zone Labs Client Ex"
"Zone Labs Client Ex"
"9XHtProtect" in key "
"9XHtProtect" in key "
"Antivirus" in key "
"Antivirus" in key "
"Special Firewall Service" in key "
"Special Firewall Service" in key "
"service" in key "
"service" in key "
"Tiny AV" in key "
  Consigli:
     
  Link Utili: http://punto-informatico.it/salvapc/index.asp
    http://www.centralcommand.com/virus_descriptions.html





SalvaPC aiuta a difendere il tuo pc!
 
[home] [privacy] INFOWEB 2000, Via XXIV Maggio 10, 20030 Bovisio Masciago (MI)
Tel. 0362.593888, Fax 0362.571270, info@infoweb2000.com