Wilders Security Forums  

Go Back   Wilders Security Forums > Other Security Topics > malware problems & news
Reload this Page W32/Blaster-G
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old April 21st, 2004, 01:52 AM
Marianna's Avatar
Marianna Marianna is offline
Spyware Fighter
  
Join Date: Apr 2002
Location: B.C. Canada
Posts: 1,215
Default W32/Blaster-G
Type
Win32 worm

Description
W32/Blaster-G is a worm that uses the internet to exploit the DCOM vulnerability in the RPC (Remote Procedure Call) service.
The worm will copy itself to the Windows system folder as eschlp.exe and create the file svchosthlp.exe in the same location.

W32/Blaster-G creates the following registry entries to ensure it is run at system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Helper = <SYSTEM>\eschlp.exe /fstart
MSUpdate = <SYSTEM>\svchosthlp.exe
SPUpdate = <SYSTEM>\svchosthlp.exe

A more detailed description will be published here shortly.

http://www.sophos.com/virusinfo/anal...2blasterg.html
 

Wilders Security Forums > Other Security Topics > malware problems & news « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 06:07 AM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums