W32/Blusod is a Windows systems Trojan.
Upon execution, the trojan creates the following files:
.tt(Two Random Characters).tmp in the %UserProfile%\Local Settings\Temp folder,
lph(Two Random Characters).exe in the %System%\system32 folder,
blph(Random Characters).scr in the %System%\system32 folder.
The trojan creates the following registry entry in order to install the screensaver:
HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver\"EULAAccepted" = "1"
It also creates and runs the following file, which disables System Restore:
.tt(Two Random Characters).tmp.vbs in the %UserProfile%\Local Settings\Temp folder.
The Trojan then creates ph(Ramdom Characters).bmp image file in %System%\system32
The image contains the following message:
Warning!
Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer.
The trojan changes the desktop background on the computer to the above image by modifying the registry.
The trojan tries to connect the following websites in order to download more files on to the affected computer:
youpornztube.com
antivirusxp2008.com
source : esecurityplanet.com
Selasa, 01 Juli 2008
Langganan:
Posting Komentar
(
Atom
)
Tidak ada komentar :
Posting Komentar