I'll field this one, I've dealt with it firsthand - It spreads through kazaa, it would have been a nasty worm, but the one who wrote it cant code, or used a virus generator to do it it appears... It is supposed to delete the file wpa.dbl, the hardware configuration and activation state database of Windows XP system file, when the day on the system date == 6 but it does not do so, most of the routines within the code itself fail, a few pass, but I'd give it a threat rating of 0 on a 0-5 scale. Infected file size is 417,792 - drops the file _sys.exe to the \system32 directory and has associated registry keys. If you require more info I'll be happy to post, just holler
Qu|rk-
Thanks QU| RT, that will get me where I'm going. I just kept getting a virus alert from my AVG resident shield and didn't know anything about this worm...his ass is mine now.
I enjoy talking to myself...it's usually the only intelligent conversations I get to have.
Tweet
Comment