Virus:Email-Worm.Win32.Warezov.lgOther versions:.at , .bw , .do , .et, .ex, .gl, .iq, .jv, .jx, .la, .lb, .ms , .mx , .nd , .nf , .ns , .nv , .oa , .oi
This modification of Warezov is a component which is used by other variants in this family. It is a Windows DLL file. It is 364,544 bytes in size. InstallationWhen loaded, the file will check which process it is loaded into. If the process is called "winlogon.exe", the following files will be extracted to the Windows system directory: %System%\wmvprf32.dll%System%\wmvstat.dll %System%\confwmv.dll %System%\wmvconf.exe This files will be detected by Kaspersky Anti-Virus as other modifications of Warezov: Email-Worm.Win32.Warezov.lf , Email-Worm.Win32.Warezov.lg and Email-Worm.Win32.Warezov.kz . To ensure that its components are loaded when Windows is rebooted, the worm adds a link to them in the system registry key: [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
The worm scans open windows for fields where passwords will be entered. It will harvest data entered in the fields. The worm also disables system security components by simulating a click on ‘OK' in the relevant dialogue boxes. The worm also creates an SMTP proxy server on a random TCP port, and sends the IP address of the victim machine and the number of the open port to the remote malicious user's site. It also sends the information which it harvested to the site.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
|
|||||||||||