W32/Cailont-A

Discussion in 'malware problems & news' started by FanJ, Apr 29, 2003.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    W32/Cailont-A
    Aliases : Nolor
    Type : Win32 worm

    Description
    W32/Cailont-A is an internet worm which sends itself out by email.

    W32/Cailont-A creates seven files in your system folder. The files explorer.exe, kernel32.exe, netdll.dll and serscg.dll are copies of the worm. The file setup.htm is a web page containing a Visual Basic Script which creates and launches the worm (this identity detects this file as VBS/Cailont-A). The files Netsn.dll and Bsbk.dll are raw base64-encoded copies of the worm and script files (these files are harmless on their own and can be deleted).

    W32/Cailont-A adds the value:

    explorer = "\SYSTEM\FOLDER\explorer.exe"

    to the registry key:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    This means that the worm will run automatically every time you start your computer.

    W32/Cailont-A sends emails with the following characteristics:

    Read more:
    http://www.sophos.com/virusinfo/analyses/w32cailonta.html
     
    FanJ, Apr 29, 2003
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...