W32/Dabber-D

Category: Viruses and Spyware Protection available since:04 Oct 2007 12:53:30 (GMT)
Type: Win32 worm Last Updated:04 Oct 2007 12:53:30 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed


W32/Dabber-D is a worm for the Windows platform.

W32/Dabber-D includes functionality to access the internet and communicate with a remote server via HTTP. W32/Dabber-D is a worm for the Windows platform.

W32/Dabber-D includes functionality to access the internet and communicate with a remote server via HTTP.

When first run W32/Dabber-D copies itself to <System>\msnfix.exe and creates the following files:

<User>\auto.txt
<System>\libinets.dll
<System>\libweb.dll

The files libinets.dll and libweb.dll are detected as Mal/Generic-A.

The files libinets.dll and libweb.dll are registered as COM objects, creating registry entries under:

HKCR\CLSID\{442B222A-0112-48B8-A8EF-1409332F9B8F}
HKCR\CLSID\{CCB13A8A-BBA4-4603-9012-996E69602713}

The following registry entries are created to run code exported by libinets.dll and libweb.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
printers
{CCB13A8A-BBA4-4603-9012-996E69602713}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
version
{442B222A-0112-48B8-A8EF-1409332F9B8F

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy