Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 2 December 2005 04:09:42 (GMT) |
| Detected by | All Sophos products |
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action

Please follow the instructions for removing worms.
More Information
W32/Attech-C is a worm for the Windows platform. This worm is capable of spreading via AOL Instant Messenger and via file sharing on peer to peer networks.
W32/Attech-C will disable Task Manager, regedit and Windows Explorer, and will prevent Internet Explorer from closing.
W32/Attech-C will attempt to send itself to any contacts listed in AIM. It will send a link with one of the following messages:
- LMAO OMG THIS IS HILARIOUS!
- INFINITE FREE PICS OF ASIAN HOTTIES!
- Lol OMG! Someone posted your picture here!
- OMG LOOK IT'S YOU!
- Cool hacking programs!
- Take my Quiz!
- Play the new Aim Online game!
- Click to join! Better then myspace and xanga!
- Check my Pics Out!
- Wanna See My Profile!
- Download My Profile.
- LOL Check these Pics out.
- Have you see this!
- Download my mp3 i made.
- Check out my music!
- Funniest Clip Ever!
- Download Dead Aim (5.9+)- NEW!
- Check out my webcam.
- See my Beach pictures!!
- Make your own Profile!
- "GunboundWC Gold Hack"
- THE KEY TO HAPPINESS IS LAUGHTER!
- Join this free music site!
- View My BuddyProfile
- My Xanga!
- LOL Watch this clip!
- Free Aim Password Cracker. Use it to hack your friends.
- This game is badass! Play now!
- Email Hacker Pro 1.5 This is awsome! :)
- Game Hacker program download here.
- Aim Hacker 1.3 FREE!
- LOLOL WTF IS THIS?!
- Better then limewire and kazaa put together!
- Get X-im Chat! Better then AIM!
- Best Aim Password Cracker written by ZeX.
- Download Aim Optimized 4.9!
- Hack Webcams and Aim accounts with O-Hax! This is the last day it will be out for free!

The link attempts to download more malware from a remote site.
W32/Attech-C attempts to spread through file sharing networks by copying itself to the "shared" folders of the following applications:
- Ares
- bearshare
- Blubster
- eDonkey
- gnucleus
- Grokster
- ICQ
- iMesh
- KMD
- limeWire
- Morpheus
- overnet
- Shareaza
- Tesla
- Warez P2P Client
- winmx
- Xolox

When first run, W32/Attech-C may copy itself to one or more of the following locations:
- `<System>\WinOIE789.exe`
- `<Startup>\WinDash.EXE`
- `<Windows fonts folder>\FontLoader.exe`
- `<Program Files>\NetMeeting\NetMeeting.exe`

W32/Attech-C will display a message box with the title "Error" and the message text of "An unexpected error has occurred on the execution of this file".
W32/Attech-C will then make many copies of itself in common share folders, as well as peer to peer share folders, with names such as `<program> crack.exe`, `<program> patch.exe` and `<program> keygen.exe`.
W32/Attech-C may create the following registry entries:

| Key | Value | Data |
|---|---|---|
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoClose | 01 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoDesktop | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoDrives | 67108863 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoFavoritesMenu | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoFind | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoLogoff | 01 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoRecentDocsMenu | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoRun | 01 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoSaveSettings | 00 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoSetFolders | 1000000 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoSetTaskbar | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoTrayContentmenu | 01 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | NoViewContentWindow | 01 00 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer` | RestrictRun | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System` | DisableRegistryTools | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System` | DisableTaskmgr | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System` | NoDevMgrPage | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp` | Disabled | 1 |
| `HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp` | NoRealMode | 1 |
| `HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions` | NoBrowserClose | 1 |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer` | NoDesktop | 1 |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` | ScanRegistry | "" |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices` | SchedulingAgent | "" |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon` | LegalNoticeCaption | ?????? |
| `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon` | LegalNoticeText | ?????????? |

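
For triage of a suspect profile, the policy values listed above can be checked offline against a registry export. The following is an added example, not Sophos code: `WATCHED`, `scan`, `hidden_drives` and the sample export are constructed for illustration, and the input is assumed to be `reg export` output already decoded to text. It also decodes the `NoDrives` bitmask, where the listed value 67108863 (0x03FFFFFF) sets all 26 bits and so hides every drive letter.

```python
import re

# Subset of the value names listed above, by lower-cased subkey (names are case-insensitive).
WATCHED = {
    r"software\microsoft\windows\currentversion\policies\system":
        {"disableregistrytools", "disabletaskmgr", "nodevmgrpage"},
    r"software\microsoft\windows\currentversion\policies\explorer":
        {"nodrives", "norun", "nofind", "nologoff", "noclose", "nosavesettings"},
}
SECTION = re.compile(r"^\[HKEY_[A-Z_]+\\(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')

def decode(raw):
    """dword:/hex: data -> int (little-endian); quoted strings -> int or str."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex:"):
        return int.from_bytes(bytes.fromhex(raw[4:].replace(",", "")), "little")
    text = raw.strip('"')
    return int(text) if text.isdigit() else text

def hidden_drives(mask):
    """NoDrives is a bitmask: bit 0 hides A:, bit 1 hides B:, ... bit 25 hides Z:."""
    return "".join(chr(ord("A") + i) for i in range(26) if (mask >> i) & 1)

def scan(reg_text):
    """Return (subkey, value name, data, note) for every enabled watched policy."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if (m := SECTION.match(line)):
            key = m.group(1).lower()
        elif (m := VALUE.match(line)) and m.group(1).lower() in WATCHED.get(key, ()):
            data = decode(m.group(2))
            if data:  # 0 or empty data means the restriction is not in force
                mask = m.group(1).lower() == "nodrives" and isinstance(data, int)
                findings.append((key, m.group(1), data, hidden_drives(data) if mask else ""))
    return findings

# Constructed sample in `reg export` text form, not taken from a real host.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskmgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:03ffffff
"NoRun"=hex:01,00
"NoSaveSettings"=hex:00,00
"NoDriveTypeAutoRun"=dword:00000091
"""
```

`scan(SAMPLE)` reports `DisableTaskmgr`, `NoDrives` and `NoRun`; `NoSaveSettings` is skipped because its data is zero, and `NoDriveTypeAutoRun` because it is not on the watch list.
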
W32/Attech-C may modify the following registry entries:

| Key | Value | Data |
|---|---|---|
| `HKCU\Control Panel\Mouse` | DoubleClickSpeed | 100 |
| `HKCU\Control Panel\Mouse` | MouseSensitivity | 5 |
| `HKCU\Control Panel\Mouse` | SwapMouseButtons | 1 |
| `HKCU\Control Panel\Mouse` | MouseSpeed | 0 |
| `HKCU\Control Panel\Keyboard` | KeyboardDelay | 9 |

- `HKCR\CLASSES\.reg`
- `HKCR\CLASSES\.inf`
- `HKCR\Folder\shell\open\ddeexec`
- `HKCR\Folder\shell\explore\ddeexec`
- `HKCR\CLSID\[01E04581-4EEE-11d0-CFE9-00AA005B4383]\InProcServer32`
- `HKCU\Software\Microsoft\Internet Explorer\Main\Start Page`

W32/Attech-C may make the following changes to the win.ini file:

| Section | Entry | Value |
|---|---|---|
| International | s1159 | ?????? |
| International | s2359 | ?????? |
| International | sTimeFormat | HH:mm:ss:tt |
