Ads W32.Kassbot.B Tuesday, 31 May 2005 W32.Kassbot.B is a network-aware worm that propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026). Type: Worm Infection Length: 36,352 bytes Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP When W32.Kassbot.B is executed, it performs the following actions: Copies itself as %System%mmsvc32.exe. Note: %System% is a variable that refers to the System folder. By default this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP). Adds the value: "Microsoft Network Services Controller" = "%System%mmsvc32.exe" to the registry subkey: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun so that the risk runs every time Windows starts. Modifies the hosts file by adding the following entries to prevent access to certain Web-sites: lloydstsb.co.uk online.lloydstsb.co.uk www.lloydstsb.co.uk www.lloydstsb.com personal.barclays.co.uk barclays.co.uk ibank.barclays.co.uk www.barclays.co.uk www.nwolb.com nwolb.com hsbc.co.uk www.hsbc.co.uk abbey.com www.abbey.com www.abbey.co.uk abbey.co.uk cahoot.com www.cahoot.com www.cahoot.co.uk cahoot.co.uk www.co-operativebank.co.uk co-operativebank.co.uk www.co-operativebank.com co-operativebank.com welcome2.co-operativebankonline.co.uk welcome6.co-operativebankonline.co.uk welcome8.co-operativebankonline.co.uk welcome10.co-operativebankonline.co.uk www.smile.co.uk smile.co.uk May connect to the nnpy.cplnn.com domain by HTTP and FTP in order to check for an updated version of itself. The Trojan may also receive commands from a remote attacker. Propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP port 135. =========================================================================== To delete the value from the registry Click Start > Run. Type regedit Then click OK. Note: If the registry editor fails to open the risk may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal. Navigate to the subkey: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun In the right pane, delete the value: "Microsoft Network Services Controller" = "%System%mmsvc32.exe" Exit the Registry Editor.   < Prev   Next > [ Back ]

Main Menu SpamAlerts | Windows | Linux | Tutorials | Excell | WhitePapers | News | Spam | Virus Windows Focus VNews Vulnerability Hacking Sql Injection map Downloads Affiliates Online Store Free Ringtones Seo Directory IWebListin Jobs in India Freshers Jobs listings. Winkeyfinder

Copyright 2005-2007 SpamAlertz.com, Content on this site is From variuos other emails, and Advisories.