Archive for the ‘Worm’ Category

[27 Apr 2009 | 5 Comments | ]

P2P-Worm.Win32.Palevo!IK is a worm that spreads on file-sharing networks. P2P-Worm.Win32.Palevo!IK also propagates by infecting removable USB drives and uses an Autorun.Inf file to run itself when the volume is mounted.

[13 Apr 2009 | 2 Comments | ]

W32/Conficker.worm.gen.d is a heuristic detection for a worm that propagates between computers by exploiting the Microsoft Windows Server Service Vulnerability (MS08-067). W32/Conficker.worm.gen.d can also drop additional malicious files to further harm the computer. On infected computers with an NTFS file system, this worm will modify access permissions and can disable the Administrators account.

[11 Apr 2009 | 2 Comments | ]

Tanatos.P.Dropper is a worm that propagates through email attachments. Once executed, Tanatos.P.Dropper registers itself in the system registry auto-run key so that its malicious code will activate each time Windows is started.

[22 Feb 2009 | 3 Comments | ]

I-Worm/Brontok.X is a worm that arrives as an email attachment. When executed, it will modify the Windows registry and add an entry to start itself each time Windows is started. I-Worm/Brontok.X propagates by using the infected computer to mass-send itself.

Aliases: –
Risk Level: Low
File Size: Varies
Affected System: Windows

[6 Feb 2009 | 8 Comments | ]

Email-Worm.Win32.Net is a threat detected by “My Computer Online Scan,” a fake security scanner website that poses as Windows Explorer and deceives computer users with its scary alert messages. One rogue program that the website promotes is called Security Shield.

[25 Jan 2009 | 4 Comments | ]

Net-Worm.Win32.Kido is a polymorphic worm that propagates by exploiting software vulnerabilities in MS Word. Net-Worm.Win32.Kido is capable of ending security-related processes and Windows System Restore.

[19 Jan 2009 | 26 Comments | ]

resycled\ntldr.com is a worm that usually spreads on local and removable USB drives. resycled\ntldr.com can modify system files and prevent access to the infected drives. When removed with an antivirus program, it will display the message “resycled\ntldr.com is not a valid Win32 application” because some remnants are still present.

[12 Jan 2009 | 11 Comments | ]

Win32.Zafi.B is a threat displayed by a fake antivirus program to trick computer users and force them to acquire an illegitimate and unwanted security application. In some instances, if the threat is detected by a legitimate and known antivirus program, Win32.Zafi.B is a real threat and should be given attention before it further harms your computer.

Aliases: I-Worm.Zafi.b, W32/Zafi.b@MM, W32.Erkez.B@mm, W32/Zafi-B, PE_ZAFI.B, I-Worm/Zafi.B, Worm.Zafi.B, W32/Zafi.B.worm
Risk Level: Medium
File Size: Varies
Affected System: Windows

1. Rogue security programs will redirect the web browser to a fake security website and pop up Security Center Alert messages.