W32/Culler-C

Category: Viruses and Spyware Protection available since:08 May 2007 00:00:00 (GMT)
Type: Win32 worm Last Updated:08 May 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Culler-C is a worm for the Windows platform that spreads via MSN Messenger.

W32/Culler-C is a worm for the Windows platform that spreads via MSN Messenger.

W32/Culler-C includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Culler-C attempts to terminate and disable various security software applications and Windows processes such as Task Manager.

When first run, W32/Culler-C will display the following error message:

"Component "COMDLG32.OCX" or one of its dependencies no correctly registered a file is missing or invalid."

It then copies itself to:

<Windows>\Cfreer.exe
<Windows>\Nzil.exe
<System>\Juegs.exe
<System>\Negdo.exe

W32/Culler-C attempts to download and execute files from a remote location. At the time of writing, these files were unavailable for download.

The worm sets the following registry entries to run at system startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows
<Windows>\Cfreer.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WindowsUpdate
<Windows>\Nzil.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System
<System>\Juegs.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SystemUpdate
<System>\Negdo.exe

W32/Culler-C sets the following registry entry:

HKCU\Software\VB and VBA Program Settings\SysUpdate\sistema
Marcar
1

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy