W32.Topion.A
Saturday, 30 April 2005
W32.Topion.A is a network-aware worm that copies itself to network shares.

Type: Worm
Infection Length: 11,776 bytes

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When W32.Topion.A is executed, it performs the following actions:

Copies itself as:

%System%\lade.exe
%System%\svchost.dat

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).


Creates the following registry subkeys:

HKEY_CLASSES_ROOT\.Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0fab99d0-bab8-11d1-994a-0005454fbbc9}


Creates the following files in the root directory on drives from C: to I:

desktop.ion
autorun.inf

The file autorun.inf mentioned above has the following text so that the worm runs when the drive is mounted:

open=desktop.ion

Also copies the files created in the drive root directories (desktop.ion and autorun.inf) to open network shares on remote computers.

Attempts to access a website on the www.windows-up.com domain and download a file named gphoto.htm.

Note: At the time of writing this file was not available.
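The file and autorun indicators listed above can be checked with a short script. This is an added example, not part of the original write-up; the function names are hypothetical, and it assumes %SystemRoot%\System32 is the System folder on the host being checked.

```python
import os

# File names and the C: to I: drive range come from the write-up above.
DRIVE_ROOTS = [letter + ":\\" for letter in "CDEFGHI"]
SYSTEM_FILES = ("lade.exe", "svchost.dat")


def autorun_open_targets(text):
    """Return the lower-cased value of every open= line in an autorun.inf."""
    targets = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "open":
            targets.append(value.strip().strip('"').lower())
    return targets


def scan_root(root):
    """List worm artifacts found directly in a drive or share root."""
    try:
        names = {n.lower(): os.path.join(root, n) for n in os.listdir(root)}
    except OSError:  # drive letter not present or not readable
        return []
    findings = []
    if "desktop.ion" in names:
        findings.append("worm copy: " + names["desktop.ion"])
    if "autorun.inf" in names:
        # An autorun.inf on its own is not an indicator; flag it only when
        # it launches desktop.ion as described in the write-up.
        try:
            with open(names["autorun.inf"], errors="replace") as fh:
                body = fh.read()
        except OSError:
            body = ""
        if "desktop.ion" in autorun_open_targets(body):
            findings.append("autorun launcher: " + names["autorun.inf"])
    return findings


def scan_system(system_dir):
    """List the worm's copies present in the System folder."""
    return [os.path.join(system_dir, f) for f in SYSTEM_FILES
            if os.path.isfile(os.path.join(system_dir, f))]


if __name__ == "__main__":
    # Assumption: %SystemRoot%\System32 is the System folder on this host.
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for hit in scan_system(system_dir) + [h for r in DRIVE_ROOTS for h in scan_root(r)]:
        print(hit)
```

The same `scan_root` call can be pointed at the root of a mounted network share, since the worm copies the same two files there.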

To delete the subkeys from the registry:

Click Start > Run.

Type regedit

Click OK.

Navigate to and delete the subkeys:

HKEY_CLASSES_ROOT\.Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0fab99d0-bab8-11d1-994a-0005454fbbc9}

Exit the Registry Editor.