W32/Demotry-B is a network worm for the Windows platform.
The worm scans network computers on port 445. W32/Demotry-B copies itself
through network shares and mapped logical drives.
In come cases, W32/Demotry-B may insert several spaces between the filename and
the EXE file extension. Other filenames may be used by the worm which are
randomly generated or include non-printable characters.
W32/Demotry-B is a network worm for the Windows platform.
When first run W32/Demotry-B copies itself to:
\iexplorer .exe
<Windows>\iexplorer .exe
<System>\iexplorer .exe
The following registry entry is created to run "iexplorer .exe" on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ALG.EXE
"iexplorer .exe"
The worm scans network computers on port 445. W32/Demotry-B copies itself
through network shares and mapped logical drives.
In come cases, W32/Demotry-B may insert several spaces between the filename and
the EXE file extension. Other filenames may be used by the worm which are
randomly generated or include non-printable characters.