Email-Worm.Win32.VB.cv spreads via unsecured network shares. It can modify internet explorer and add to favorites the following:
- ABOUT_BANGLADESH – http://ourbangla.com
- I_HATE_RAZAKER – http://muktijuddha.com
- VISIT_BANGLADESH – http://www.parjatan.org
Aliases:
WORM_HIMU.A
W32.Himu.A@mm
Risk Level: Low
Affected System: Windows
Related Files and Process:
- %UserProfile%\Start Menu\Programs\Startup\SERVIC3S.exe
- %ProgramFiles%\WindowsUpdate\System Security\passwordlist.exe
- %ProgramFiles%\WindowsUpdate\System Security\Updates.tmp\bangladesh.exe
- %ProgramFiles%\WindowsUpdate\System Security\Updates.tmp\love.exe
- %ProgramFiles%\WindowsUpdate\System Security\usernames.exe
- D:\SystemVoliumeInfo\services.exe
- D:\SystemVoliumeInfo\Mails\asdf45396ftADMIN.exe
- D:\SystemVoliumeInfo\Mails\USERNAE485369KD5L.exe
- D:\SystemVoliumeInfo\Mails\STATUSreport252.exe
- D:\SystemVoliumeInfo\Mails\global_report.exe
- D:\SystemVoliumeInfo\Mails\BBCandCNNreport.exe
Symptoms: When the worm is executed, it first displays a dialog box with the following characteristics:
Title: Compressed (zipped) Folders Error
Body: The Compressed (zipped) Folder is invalid or corrupted
View Additional Information and Removal: W32.Himu.A@mm
More Info: View full report from Symantec
Any Response?
Can't Find a Solution?
Start a Discussion Here!