Spyware and Malware Removal

 

W32/Sdbot.worm Family

Monday, May 29, 2006
Overview:
There are now over 4000 variants of this threat, many of which were proactively detected, and this number continues to grow at a rapid rate.

AVERT is constantly enhancing generic detection for this family. To ensure appropriate protection, use the latest DATs and the latest engine, and do not disable scanning of packed executable files.

Characteristics:
These worms typically spread via network shares and create a remote access point for attackers to exploit.

Some variants of W32/Sdbot.worm can take advantage of the following vulnerabilities:
- DCOM RPC vulnerability (MS03-026)
- WEBDAV vulnerability (MS03-007)
- LSASS vulnerability (MS04-011)
- ASN.1 vulnerability (MS04-007)
- Workstation Service vulnerability (MS03-049)
- PNP vulnerability (MS05-039)
- Imail IMAPD LOGIN username vulnerability
- Cisco IOS HTTP Authorization Vulnerability

Files and processes known to be related to W32/Sdbot.worm:
amdpatchB.exe
cmst32.exe
hcgnwlmqge.exe
hjkds.exe
hlcbome.exe
iexplore.exe
jxsrwb.exe
kveuto.exe
ms.exe
msgfix.exe
msgfix1.exe
msmon32.exe
msmon32b.exe
msnmssgs.exe
mstasks.exe
nav32.exe
ns32.exe
rssdd.exe
spool.exe
spoolserv.exe
spoolsvc.exe
svchosst.exe
svcnet.exe
svhosint32.exe
syntwin32.exe
system.exe
system03.exe
Systmesy.exe
taskmngr.exe
unreal.exe
wc.exe
WindowsSys32.exe
WINL0G0N.exe
winudap.exe
winumc.exe
winupdate32.exe
wsndlg32.exe
wuamagrd.exe
wuamgrd.exe
wuamgrd2.exe
wuamgrdk.exe
wvsvc.exe
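
Several names in the list above differ from a genuine Windows binary by a character or two, or reuse a genuine name outright. The following is an added example, not part of the McAfee write-up: a triage check that flags such names in a process listing. The baseline table, the expected folders, and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: legitimate Windows binaries and their expected folders.
BASELINE = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
HOMOGLYPHS = str.maketrans("01", "ol")  # digit-for-letter swaps


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, baseline_name) for a full process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in BASELINE:
        verdict = "ok" if directory == BASELINE[name] else "wrong-path"
        return verdict, name
    folded = name.translate(HOMOGLYPHS)
    if folded in BASELINE:
        return "homoglyph", folded
    best = min(BASELINE, key=lambda good: edit_distance(name, good))
    if edit_distance(name, best) <= 2:
        return "lookalike", best
    return "unknown", None


# Constructed sample: names from the list above placed at made-up paths.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svchosst.exe",
    r"C:\WINDOWS\system32\WINL0G0N.exe",
    r"C:\WINDOWS\system32\taskmngr.exe",
    r"C:\WINDOWS\system32\iexplore.exe",
    r"C:\WINDOWS\system32\kveuto.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(path, classify(path))
```

A verdict of "unknown" only means the name does not resemble an entry in the baseline; it says nothing about whether the file is clean.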

Symptoms:
The worm disables default admin shares (such as C$, D$, and Admin$) on WinNT/2K/XP systems.

Source: McAfee Threat Center

McAfee Users Removal: click here
posted by hitech-leiza @ Monday, May 29, 2006  