|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 EasyAV.exe - Dangerous
It also contains backdoor functionality and may perform Denial of Service (DoS) attack against specified Web sites. If the system date is between April 14, 2004 to April 23, 2004, the worm will try to perform a DoS attack against the following Web sites: www.cracks.am; www.emule.de; www.kazaa.com; www.freemule.net; www.keygen.us The email has a variable subject line and attachment name. The attachment will have a .pif file extension. Copies itself as %Windir%\EasyAV.exe. Creates the file, %Windir%\Uinmzertinmds.opm, which contains a MIME-encoded copy of the worm's executable. Adds the value: "EasyAV"="%Windir%\EasyAV.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Listens on port 6789. If the attacker sends an executable file to an infected computer, the worm will save it as Scans and retrieves email addresses from the files with some extensions. If the system date is not April 2004, or if it is and the day is less than 14 or greater than 16, the worm will attempt to use its own SMTP engine to send itself to all the email addresses that it finds. Manual removal: Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value: "EasyAV"="%windir%\EasyAV.exe" Removal: EasyAV.exe is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: October 6 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
