20170618

W32.Bropia.C

W32.Bropia.C
【外部リンク】
https://www.symantec.com/security_response/writeup.jsp?docid=2005-012616-3527-99&tabid=2
Discovered:
January 26, 2005
Updated:
February 13, 2007 12:32:30 PM
Also Known As:
Win32.Bropia.B [Computer Assoc, IM-Worm.Win32.VB.c [Kaspersky , W32/Bropia.worm.d [McAfee], W32/Bropia-C [Sophos], WORM_BROPIA.D [Trend Micro]
Type:
Worm
Systems Affected:
Windows
When W32.Bropia.C is executed, it performs the following actions:

Opens and locks the following files to prevent these programs from being started:

%System%\taskmgr.exe
%System%\cmd.exe

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Searches for the following files:

%System%\winexec32.exe
%System%\adaware32.exe
%System%\VB6.EXE
%System%\iexplore.exe

If the files are not present on the computer, the worm drops and executes the following file:

C:\cz.exe

Note: The dropped file is detected as a variant of W32.Spybot.Worm.

Copies itself to the C drive using one of the following file names:

LOL.scr
Webcam.pif
hahahaha.pif
me_2005.pif
sister.pif
--

注目の投稿

cURL error 60: SSL certificate problem: unable to get local issuer certificate

cURL error 60: SSL certificate problem: unable to get local issuer certificate 更新失敗: ダウンロードに失敗しました。 cURL error 60: SSL certificate problem: ...

人気の投稿