Worm exploits the DCOM RPC vulnerability in Microsoft Windows. Lovesan is a Windows PE EXE file about 6KB (compressed via UPX - 11KB when decompressed). Worm propagates by creating copies of itself on local disks and network resources.
Worm Bootok.exe Net-Worm.win32.Lovesan.a Lovesan is an Internet Worm Which Exploits
Copyright:
Attribution Non-Commercial (BY-NC)
Worm Bootok.exe Net-Worm.win32.Lovesan.a
Lovesan is an Internet Worm which exploits the DCOM RPC vulnerability in Microsoft Windows described in MS Security Bulletin MS03-026. Lovesan is written in C using the LCC compiler. The worm is a Windows PE EXE file about 6KB (compressed via UPX - 11KB when decompressed). Lovesan downloads and...

Malware d3dim.dll Virus.DOS.Acapulco.1971
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of COM and EXE files that are executed. Sometimes it hooks INT 08h (timer) and plays several tunes.

Worm exe2bin.exe Worm.Win32.AutoRun.bnb
This worm propagates by creating copies of itself on local disks and write-accessible network resources. It is a Windows PE EXE file. It is 46592 bytes in size. It is packed using UPX. The unpacked file is approximately 107MB in size. Installation: The worm copies its executable file to the...

Rogue kbdda.dll Virus.DOS.Exorcist.212
It is a very dangerous nonmemory resident overwriting virus. It searches for COM files, then overwrites them, and displays the message: Bad command or file name then returns to DOS. On the 1st of any month the virus erases sectors on the C: drive. The virus also contains the text strings: [RED...

Rogue kbdla.dll Virus.DOS.Glew.4245
This is a very dangerous memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of EXE files that are executed, opened or closed. The virus does not infect several anti-virus programs (TBAV, FVIRU,0, F-PROT, AVP, etc.) and COMMAND.COM according to the string: TB...

Trojan jscript.dll Trojan.BAT.Adduser.t
This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.

Spyware rnr20.dll Trojan-PSW.Win32.QQRob.10
This Trojan is designed to steal user passwords. It is a Windows PE EXE file. It is 70,144 bytes in size. Installation: When launched, the Trojan copies its executable file to the Windows system directory: %System%\robber1.exe The Trojan also adds a link to its executable file in the system...

Adware runas.exe Virus.DOS.CriminalWW.1788
These are very dangerous memory resident parasitic polymorphic viruses. They trace and hook INT 21h, then they write themselves to the end of COM and EXE files that are executed or opened. Depending on their internal counters the viruses erase the MBR of the hard drive and then display the message:...

Spyware ver.dll Trojan-PSW.Win32.LdPinch.rn
This Trojan belongs to a family of Trojans written with the aim of stealing user passwords. LdPinch is designed to steal confidential information. The Trojan itself is a Windows PE EXE file approximately 17KB in size, packed using UPX. When installing, the Trojan copies itself to the Windows system...

Adware usrv80a.dll Virus.DOS.CriminalWW.1788
These are very dangerous memory resident parasitic polymorphic viruses. They trace and hook INT 21h, then they write themselves to the end of COM and EXE files that are executed or opened. Depending on their internal counters the viruses erase the MBR of the hard drive and then display the message:...

Malware scesrv.dll Virus.DOS.Lenin.943
It is not a dangerous nonmemory resident parasitic virus. It searches for EXE files and writes itself to the end of the file. While infecting it does not alter the EXE entry registers, but inserts a CALL FAR instruction into the file entry point and alters the EXE relocation table. Depending on its...

Rogue WgaLogon.dll Virus.DOS.Darkray_II.466
It is not a dangerous nonmemory resident parasitic virus. It searches for .COM files, then writes itself to the end of the file. The virus displays the messages: This file contains a virus!!! Please COLD-boot from a write protected system disk and use you anti virus software!!! Dit virus is ter...

Malware mprapi.dll Virus.DOS.PM.733
It is a harmless memory resident stealth parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed or closed. When an infected file is opened, the virus disinfects it. The virus contains the ID-strings: PM

Malware cryptnet.dll Virus.DOS.Lenin.943
It is not a dangerous nonmemory resident parasitic virus. It searches for EXE files and writes itself to the end of the file. While infecting it does not alter the EXE entry registers, but inserts a CALL FAR instruction into the file entry point and alters the EXE relocation table. Depending on its...

Worm asr_pfu.exe Net-Worm.Win32.CodeRed.a
CodeRed (aka Code Red, Bady) is an Internet worm that replicates between Windows 2000 servers running Microsoft's IIS (Internet Information Services) and the Microsoft Index Server 2.0 or the Windows 2000 Indexing Service. It does this by exploiting a bug known as "Unchecked Buffer in the Index...

Adware ddeshare.exe Virus.DOS.Fire.2682
It is a harmless memory resident encrypted parasitic stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed. It contains the internal text strings: Fire walk with me.

Malware dskquota.dll Virus.DOS.LoveBuzz.381
These are very dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of the files. They contain the text strings: "LoveBuzz.381": Lyubasha; "LoveBuzz.591": LoveBuzz. "LoveBuzz.381" infects .COM-files only, and corrupts them while...

Backdoor hotplug.dll Backdoor.Win32.Agobot.a
Backdoor.Agobot (also known as PhatBot) is a Trojan program which provides the author/user with remote access to the victim machine. It is managed via IRC. It has a wide range of functionalities: it will not work with a debugger running or under Vmware; it can run both as a standard application and...

Adware mdminst.dll Virus.Linux.Gildo
It is not a dangerous, memory resident parasitic virus. It was written in the assembler language. It uses system calls (syscall) while working with files. The virus infects ELF files. It writes itself to the middle of the file. After it starts, the virus divides a main process and continues its work....

Adware mmcshext.dll Virus.DOS.VLAD.Systa.231
It is a harmless non memory-resident parasitic virus. It searches for SYS files, then writes itself to the end of the file. The virus contains the text strings: SySta by Qark/VLAD *.sys

Adware odbcp32r.dll Virus.DOS.Squatter.9742
This is a dangerous memory resident parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. Depending on their counters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus does not infect the...

Backdoor qdv.dll Backdoor.Win32.Nanspy.f
This backdoor program is written in Delphi, and packed using UPX. The file is 211520 bytes in size. Installation: The backdoor copies itself to the system directory as spools.exe. It registers this file in the system registry to ensure that the program is launched each time Windows is rebooted....

Backdoor scrobj.dll Backdoor.Win32.Kbot.al
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 12787 bytes in size. Installation: Once launched, the backdoor copies its executable file to the Windows system directory: %System%\mssrv32.exe The backdoor then creates a service...

Malware upnphost.dll Virus.DOS.Clone.833
This is a harmless companion virus. It creates COM files with the same name as an EXE file if found, and writes itself into this COM file. This is a memory resident virus. It hooks INT 21h, and hits .EXE files that are executed. In April,0, the virus types: Your PC is Cloned!! It also contains the...

Worm wscntfy.exe Net-Worm.Win32.Lovesan.a
Lovesan is an Internet Worm which exploits the DCOM RPC vulnerability in Microsoft Windows described in MS Security Bulletin MS03-026. Lovesan is written in C using the LCC compiler. The worm is a Windows PE EXE file about 6KB (compressed via UPX - 11KB when decompressed). Lovesan downloads and...

Malware wmerror.dll Virus.DOS.PM.733
It is a harmless memory resident stealth parasitic virus. It hooks INT 21h and writes itself to the end of .COM files that are executed or closed. When an infected file is opened, the virus disinfects it. The virus contains the ID-strings: PM

Spyware batt.dll Trojan-PSW.Win32.Lmir.gen
This family of Trojans steals passwords to the online game Legend of Mir. As a rule, programs belonging to this family are written in high-level programming languages (such as Delphi, Visual C/C++, Visual Basic). File sizes vary, and the programs utilize a range of methods to install themselves to...

Adware kbdycc.dll Virus.DOS.Squatter.9742
This is a dangerous memory resident parasitic highly polymorphic and stealth virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are accessed. Depending on their counters the virus also infects the "C:\DOS\KEYB.COM" file, if it exists. The virus does not infect the...

Malware occache.dll Virus.DOS.Acapulco.1971
It is not a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself at the end of COM and EXE files that are executed. Sometimes it hooks INT 08h (timer) and plays several tunes.

Spyware write.exe Trojan-PSW.Win32.Coced.215
This Trojan steals user passwords. It is designed to steal a range of confidential information. It is a Windows PE EXE file. It is 10,240 bytes in size. It is written in Visual C++. Installation: Once launched, the Trojan copies its executable file to the Windows system directory:...

Backdoor Netw2c32.dll Backdoor.Win32.Surila.k
Surila is a Trojan backdoor. The program is a Windows PE EXE file packed with Obsidium and written in Visual C++. The packed file size is 244 KB and the unpacked size is approximately 413 KB. Installation: Upon being launched, Surila copies itself into the Windows system folder under the name...

Rogue iepeers.dll Lemena.3544
It is not a dangerous memory resident parasitic polymorphic virus. It copies itself to the video memory at address BC00:0000, hooks INT 22h (Terminate call), returns control to the host program, waits for termination and hooks INT 21h. To hook INT 21h the virus patches the DOS kernel. The virus then...

Adware avifil32.dll Virus.DOS.CriminalWW.1788
These are very dangerous memory resident parasitic polymorphic viruses. They trace and hook INT 21h, then they write themselves to the end of COM and EXE files that are executed or opened. Depending on their internal counters the viruses erase the MBR of the hard drive and then display the message:...

Backdoor AVIFILE.DLL Backdoor.win32.Small.cz
This Trojan makes it possible for a remote malicious user to control the victim machine. The program is a Windows PE EXE file 2560 bytes in size.

Backdoor msgr3en.dll Backdoor.Win32.Agobot.a
Backdoor.Agobot (also known as PhatBot) is a Trojan program which provides the author/user with remote access to the victim machine. It is managed via IRC. It has a wide range of functionalities: it will not work with a debugger running or under Vmware; it can run both as a standard application and...

Backdoor wdigest.dll Backdoor.Netbus
This is a hidden (hacker's) remote administration utility similar to the known Backdoor.BO (a.k.a. Back Orifice) Trojan. It allows a remote console to administer infected computers, steal files, damage installed software, etc. See Backdoor.BO Trojan.

Backdoor ieakeng.dll Backdoor.Win32.Delf.duc
This malicious program is a Trojan. It is a Windows PE EXE file. It is 447488 bytes in size.

Backdoor winhttp.dll Backdoor.Win32.IRCBot.abc
This Trojan provides a remote malicious user with access to the victim machine. It is managed via IRC. It is a Windows PE EXE file. It is 32,704 bytes in size. Installation: When installing, the backdoor creates a system process, svchost.exe, and injects its code into process memory. The backdoor...