|
| |||||||
| Register | FAQ | The Twelve Commandments | Members List | Calendar | Arcade | Find the Best VPN | Today's Posts | Search |
| Open Discussion topics Discuss the time of day, whatever you want to. This is the hangout area. If you have LimeWire problems, post them here too. |
| | LinkBack | Thread Tools | Display Modes |
March 8th, 2005
| |||
| |||
 Speak of the Devil... Here I am, bravely going forth to complete my task (see what happens when you download a trial programs from a reputable site like downloads.com, only to find that when you try and use it, the only thing it will say is "trial period expired"?) Anyway, I was also hoping to run into that nasty rar again *combative look* I look to my results, and find PC Surgeon Crack, an exe, 263kb. However, it contains a lovely little worm called W32.Tibick. From Symantec: W32.Tibick is a worm that propagates through file-sharing networks. This worm also connects to an IRC channel and listens for messages from the attacker. Also Known As: Worm.P2P.Tibick [Kaspersky] Type: Worm Infection Length: 12,820, vary When W32.Tibick executes, it does the following: Copies itself as %System%\svcnet.exe. Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). Adds the value: "System Restore" = "svcnet.exe" to one of these registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run so that the worm runs when you start Windows. Creates a folder named %Windir%\msview and copies itself as multiple file names (here they name all sorts of files one might find at a file sharing site). Modifies the settings of various file-sharing applications, if present, to use the newly created folder as the default sharing folder. This applies to the following applications: Kazaa iMesh Morpheus wareo eMule DC++ The worm may also update itself when a new version is available. This seemed familiar, so I looked at my incomplete dl's - it was the file responsible for the W32.Tibick I mentioned in my 1st posting! Here it is, just lurking & waiting for another victim! I blocked the sender, 208.191.143.130. In 2 days time, even the densest of people would have noticed the changes (mentioned above), in their system. Several of the anti-malware, antivirus pgms I used were free ones on the web. There really is no excuse for ignorance in this matter! I don't understand deliberate, casual cruelty, especially to those who you have never even met. Is there any other way a worm-bearing file could still be around 2 days later, unless its deliberate?  |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| 197.7 Trojan/malware info | luthier | Open Discussion topics | 2 | October 12th, 2006 06:57 PM |
| new malware!bot help | noviator | Windows | 5 | April 2nd, 2006 03:44 AM |
| malware file | mcga | Download/Upload Problems | 1 | April 17th, 2005 04:38 PM |
| Malware bundled with Limewire??? | dogbreath | Open Discussion topics | 15 | March 19th, 2005 09:24 AM |
| Spyware, Adware, Malware on OSX? | keithybhoy | General Mac OSX Support | 2 | March 15th, 2005 05:42 AM |
Threaded Mode
