
VBS.Nukip
Thursday, 26 May 2005
VBS.Nukip is a worm that deletes system files and spreads through IRC channels.

Type: Worm
Infection Length: 6,635 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
When VBS.Nukip is executed, it performs the following actions:


Creates the following file and executes it, causing the functionality of the mouse buttons to be swapped:

%Windir%\Ipnuker.bat

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.


Adds the values:

"Windowz" = "%Windir%\[original worm file name].vbs"
"VBS.Ipnuker@mm" = "%Windir%\[original worm file name].vbs"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the worm executes every time Windows starts.


Copies itself as the following:

%Windir%\Start Menu\Programs\StartUp\Windows.vbs


Sets the Internet Explorer start page to [http://]www.virus[REMOVED].com and the computer owner name to "Infected Idiot".


If the current month is January, the worm will perform the following actions:


Creates the following files:


C:\Ipnuker.txt
C:IpnukerInfection.txt
C:IpIp.txt
C:IpIp.lnk
C:\Ipnuker.lnk


Modifies the file C:\mirc\scripts.ini, so that the worm spreads through IRC.


Displays the following message:

Upgrading Your Windows Files.


Attempts to delete all files in %Windir% and %System% folders.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Displays the following message:

Files Are Done With.


If the current month is June, the worm will perform the following actions:


Creates the following files:


C:\Upgrade.lnk
C:\Ipnuker


Attempts to delete all files in the %Windir% folder.


Attempts to spread through Microsoft Outlook, but fails due to an error in the code.
============================================================
To delete the value from the registry
Click Start > Run.
Type regedit
Click OK.

Note: If the registry editor fails to open, the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.


Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the values:

"Windowz" = "%Windir%\[original worm file name].vbs"
"VBS.Ipnuker@mm" = "%Windir%\[original worm file name].vbs"

Exit the Registry Editor.
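
To check many hosts for the Run-key values above without opening regedit on each one, the saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"` can be scanned offline. The script below is an added example, not part of the original advisory; the sample output is constructed, and the rule that flags any .vbs file directly in the Windows folder is an added heuristic that goes beyond the two value names listed.

```python
import re

# Value names the advisory lists under HKLM\...\CurrentVersion\Run.
NUKIP_VALUE_NAMES = {"windowz", "vbs.ipnuker@mm"}

# One value line of `reg query` output: 4-space indent, then name, type and
# data separated by 4 spaces (value names may contain single spaces).
VALUE_LINE = re.compile(
    r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

# Heuristic (assumption, not from the advisory): a Run entry whose data is a
# .vbs file sitting directly in the Windows folder, which is where the worm
# registers its copy, is suspicious even if the value has a different name.
VBS_IN_WINDIR = re.compile(
    r'^"?(?:%windir%|%systemroot%|[a-z]:\\(?:windows|winnt))\\[^\\"]+\.vbs"?$',
    re.IGNORECASE)


def parse_run_key(reg_query_output):
    """Return (name, type, data) tuples from `reg query` text for one key."""
    entries = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            entries.append((m["name"], m["type"], m["data"].strip()))
    return entries


def find_nukip_values(reg_query_output):
    """Return {value name: reason} for entries matching the advisory."""
    hits = {}
    for name, _type, data in parse_run_key(reg_query_output):
        if name.lower() in NUKIP_VALUE_NAMES:
            hits[name] = "value name listed in advisory"
        elif VBS_IN_WINDIR.match(data):
            hits[name] = "heuristic: .vbs in Windows folder"
    return hits


# Constructed sample output (not captured from an infected host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Windowz    REG_SZ    C:\WINDOWS\sample.vbs
    VBS.Ipnuker@mm    REG_SZ    C:\WINDOWS\sample.vbs
    Update Helper    REG_SZ    C:\WINNT\helper.vbs
    Backup Job    REG_SZ    wscript.exe "C:\Scripts\backup.vbs"
"""

if __name__ == "__main__":
    for name, reason in find_nukip_values(SAMPLE).items():
        print(f"{name}: {reason}")
```

A heuristic hit is a prompt to inspect the referenced file, not proof of infection; the two named values are the indicators the advisory itself gives.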
==============================================
 