w32/reur.worm!p2p 10/20/03

Discussion in 'malware problems & news' started by bigc73542, Oct 21, 2003.

Thread Status:
Not open for further replies.
    bigc73542, Retired Moderator (Sep 21, 2003, SW. Oklahoma):
    Virus Name: W32/Reur.worm!p2p

    Risk Assessment
    Corporate User: Low
    Home User: Low

    http://www.helpdesk2go.com/special.html

    Virus Information
    Discovery Date: 10/20/2003
    Origin: Unknown
    Length: 435,744 bytes
    Type: Virus
    SubType: P2P Worm
    Minimum DAT: 4299
    Release Date:
    Minimum Engine: 4.1.60
    Source: www.mcafee.com
    Description Added: 10/21/2003
    Description Modified: 10/21/2003 3:23 AM (PT)

    Virus Characteristics:

    This is a worm that spreads through eMule peer-to-peer network sharing software.

    Upon running this program, a fake error message is displayed.

    It subsequently makes multiple copies of itself into the C:\Program Files\eMule\Incoming directory. The following filenames may be used:

    * AOL Hacker 2004
    * Hotmail Hacker 2004
    * Portable Orange (FT) Keygen
    * Yahoo Mail Hacker 2004
    * WinZip All Version Keygen
    * WinRAR All Version Keymaker
    * Sexy ScreenSaver 2004
    * Free Hard Porn 2004
    * Wanadoo Hacking Tool 2004
    * Alcohol 120% CORE Keygen
    * Homeworld 2 DEViANCE Keygen

    The worm copies itself under a random filename to the %SYSDIR% directory and hooks the registry at the following key to run itself at startup:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "19720B10" = C:\WINDOWS\SYSTEM\19720B10.exe

    Method Of Infection

    The user gets infected upon downloading any of the above files and executing it.

    Removal Instructions

    All Users:
    Use specified engine and DAT files for detection and removal.

    Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

    Additional Windows ME/XP removal considerations

    Variants / Aliases

    W32.HLLW.Wanado (Symantec)
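A defender's check for the two host indicators in the description above (an 8-hex-digit Run value pointing at a same-named .exe in %SYSDIR%, and the lure titles in the eMule Incoming folder), as an added Python example that is not from the post or from McAfee. The assumption that the "random" name looks like the sample 19720B10 (eight hex digits) is mine, and the Run entries and directory listing fed to it are constructed.

```python
import re
from pathlib import PureWindowsPath

# Lure titles quoted in the description; matched on the base name, any extension.
LURE_NAMES = {
    "AOL Hacker 2004", "Hotmail Hacker 2004", "Portable Orange (FT) Keygen",
    "Yahoo Mail Hacker 2004", "WinZip All Version Keygen",
    "WinRAR All Version Keymaker", "Sexy ScreenSaver 2004",
    "Free Hard Porn 2004", "Wanadoo Hacking Tool 2004",
    "Alcohol 120% CORE Keygen", "Homeworld 2 DEViANCE Keygen",
}
_LURES_LOWER = {n.lower() for n in LURE_NAMES}

# Assumption: the "random" name follows the sample 19720B10, i.e. eight hex digits.
_HEX8 = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)


def suspicious_run_entries(entries, sysdir=r"C:\WINDOWS\SYSTEM"):
    """Return the (name, data) pairs from the HKLM ...\\Run key that match the
    worm's autostart pattern: an 8-hex-digit value name whose data is
    <sysdir>\\<same name>.exe. Comparison is case-insensitive, as on Windows."""
    hits = []
    for name, data in entries:
        if not _HEX8.match(name):
            continue
        target = PureWindowsPath(data.strip().strip('"'))
        if (target.parent == PureWindowsPath(sysdir)
                and target.suffix.lower() == ".exe"
                and target.stem.lower() == name.lower()):
            hits.append((name, data))
    return hits


def lure_files(filenames):
    """Return entries of an eMule Incoming listing whose base name is one of
    the lure titles, whatever the extension or letter case."""
    return [f for f in filenames if PureWindowsPath(f).stem.lower() in _LURES_LOWER]


if __name__ == "__main__":
    # Constructed sample data for the demo, not taken from a real machine.
    run_entries = [
        ("19720B10", r"C:\WINDOWS\SYSTEM\19720B10.exe"),      # worm pattern
        ("ctfmon", r"C:\WINDOWS\SYSTEM32\ctfmon.exe"),        # ordinary entry
        ("DEADBEEF", r"C:\Program Files\Tool\DEADBEEF.exe"),  # hex name, wrong dir
    ]
    incoming = ["AOL Hacker 2004.exe", "linux.iso", "winrar all version keymaker.EXE"]
    print("Run-key hits:", suspicious_run_entries(run_entries))
    print("Lure files:", lure_files(incoming))
```

On a live machine the entries would come from `reg query` output or the Incoming directory listing; a hit on either check is a reason to run the recommended engine and DAT, not proof on its own.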
