Discussion in 'malware problems & news' started by Marianna, Feb 17, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Apr 23, 2002
    B.C. Canada
    Virus type: Worm

    Destructive: Yes

    Aliases: Win32/HLLW.Vesser.C


    This memory-resident worm propagates on systems that are infected with WORM_MYDOOM.A and WORM_MYDOOM.B. It is also capable of spreading via the popular peer-to-peer file-sharing application, SoulSeek.

    It has the following capabilities:

    Drop itself as the file LMSS.EXE in the C:\WINNT\System32\ folder
    (Note: This path is hardcoded in the malware code. If this folder does not exist on the system, it fails to drop its copy.)
    Enumerate all running processes
    Terminate processes associated with antivirus programs
    Terminate instances of WORM_MYDOOM.A and WORM_MYDOOM.B
    Delete several system files such as BOOT.INI and AUTOEXEC.BAT
    Open port 2766, connect to an Internet Relay Chat (IRC) server, and join a channel to wait for malicious commands from a remote user

    It runs on Windows 98, ME, NT, 2000, and XP.
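
Added example, not part of the original post: a triage check that looks for the indicators listed above (the LMSS.EXE copy, port 2766, the deleted system files) in a saved `netstat -an` capture and a file listing. The function names, the sample data and the C:\ root location of BOOT.INI and AUTOEXEC.BAT are assumptions made for the example.

```python
import re

# Indicators from the description above. The C:\ root for the deleted
# files is an assumption; the post names only the files.
DROPPED_COPY = r"C:\WINNT\System32\LMSS.EXE"
WORM_PORT = 2766
SYSTEM_FILES = (r"C:\BOOT.INI", r"C:\AUTOEXEC.BAT")

# Constructed sample input (not real captures).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2766           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1043        198.51.100.7:6667      ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""
SAMPLE_FILES = [r"C:\WINNT\system32\lmss.exe", r"C:\WINNT\system32\cmd.exe"]

# Matches one data row of Windows `netstat -an` output.
ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+:(\d+|\*)\s*(\S*)", re.I)

def port_hits(netstat_text):
    """Return rows where port 2766 is the local or the remote port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # column headers and blank lines
        proto, local, remote, state = m.groups()
        if str(WORM_PORT) in (local, remote):
            side = "local" if local == str(WORM_PORT) else "remote"
            hits.append((proto.upper(), side, state or "-"))
    return hits

def triage(netstat_text, existing_paths):
    """Combine the indicators into one finding for a host."""
    present = {p.lower() for p in existing_paths}  # Windows paths ignore case
    dropped = DROPPED_COPY.lower() in present
    missing = [f for f in SYSTEM_FILES if f.lower() not in present]
    hits = port_hits(netstat_text)
    # BOOT.INI exists only on NT/2000/XP, so a missing file is reported
    # as supporting evidence and does not change the verdict on its own.
    verdict = ("no indicators", "suspicious", "likely infected")[dropped + bool(hits)]
    return {"dropped_copy": dropped, "port_hits": hits,
            "missing_system_files": missing, "verdict": verdict}
```

The port check matches 2766 on either side of the connection because the description does not say whether the worm listens on that port or connects out to it.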
