W32.Fujacks.D
Last week I got a warning on my computer screen about W32.Fujacks.D. It was said that this type of virus is very dangerous, so I tried to find some information about this virus on the internet.
If you use sophos antivirus click here
If you use symantec antivirus click here
Below is some information about W32.Fujacks.D:
- W32/Fujacks.D is a prepending virus and worm with backdoor functionality for the Windows platform.
- It spreads to other network computers through available network shares and removable storage devices.
- It also runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
- Besides that, W32.Fujacks.D includes functionality to access the internet and communicate with a remote server via HTTP.
- The terrible thing is that W32.Fujacks.D may change HTML files.
- When first run, W32.Fujacks.D copies itself to
\drivers\spoclsv.exe.
- The following registry entry is created to run spoclsv.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svcshare\drivers\spoclsv.exe
- The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0
- W32.Fujacks.D searches for EXE files in an attempt to infect them and creates a Desktop_.ini file every time it succeeds. This file may be safely deleted.
- W32/Fujacks-D includes functionality to delete shares including the Admin$ share.
- May delete entries that contain the following strings:
"kav"
"KAVPersonal50"
"KvMonXP"
"McAfeeUpdaterUI"
"Network Associates Error Reporting Service"
"RavTask"
"ShStatEXE"
"yassistse"
"YLive.exe"
from the registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- May delete files with the following extensions from the root folder of local partitions, except the C drive:
* .gho
* .exe
* .scr
* .pif
* .com
- Ends all processes in Windows that contain the following strings in the window title:
* QQKav
* QQAV
* VirusScan
* Symantec AntiVirus
* iDuba
* esteem procs
* Wrapped gift Killer
* Winsock Expert
* msctls_statusbar32
* pjf(ustc)
* IceSword
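
The host artefacts listed above (the spoclsv.exe Run entry, the SHOWALL CheckedValue of 0 and the Desktop_.ini marker files) can be checked offline from a registry export and a file listing. The Python below is an added example, not part of the original post or of any antivirus vendor's tooling; the function names and the sample input, including the folder in front of \drivers\spoclsv.exe, are constructed for illustration.

```python
import re

# Indicators taken from the description above; key paths are compared in lowercase.
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
SHOWALL_KEY = (r"hkey_local_machine\software\microsoft\windows\currentversion"
               r"\explorer\advanced\folder\hidden\showall")
DROPPED_EXE, MARKER_FILE = r"\drivers\spoclsv.exe", "desktop_.ini"

# Constructed sample input (not from a real host): .reg export text and a file listing.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"svcshare"="C:\\WINDOWS\\system32\\drivers\\spoclsv.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
'''
SAMPLE_FILES = [r"D:\tools\Desktop_.ini", r"D:\tools\desktop.ini"]

def parse_reg_export(text):
    """Parse .reg export text into {lowercased key path: {value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def reg_sz(raw):
    """Decode a quoted REG_SZ literal (.reg files escape backslashes and quotes)."""
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw[:1] == '"' else raw

def find_indicators(reg_text, file_paths):
    """Return (indicator, detail) findings for the traits this post lists."""
    keys, findings = parse_reg_export(reg_text), []
    for name, raw in keys.get(RUN_KEY, {}).items():
        if reg_sz(raw).lower().endswith(DROPPED_EXE):
            findings.append(("run-key", f"{name} -> {reg_sz(raw)}"))
    for name, raw in keys.get(SHOWALL_KEY, {}).items():
        if name.lower() == "checkedvalue" and raw.lower() == "dword:00000000":
            findings.append(("showall", "CheckedValue is 0"))
    for path in file_paths:
        if re.split(r"[\\/]", path)[-1].lower() == MARKER_FILE:
            findings.append(("marker-file", path))
    return findings
```

Calling find_indicators(SAMPLE_REG, SAMPLE_FILES) returns one finding per artefact; a hit is a reason to run a full antivirus scan, not proof of infection.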