W32/Duload-A

Category: Viruses and Spyware Protection available since:23 Aug 2002 00:00:00 (GMT)
Type: Win32 worm Last Updated:17 Apr 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Duload-A is worm that spreads in the KaZaA network. When run it copies itself into the Windows system folder as SystemConfig.exe and sets the following registry entries so that it will be automatically run when Windows starts up.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Windows System Configure = C:\<Windows System folder>\ SystemConfig.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Windows System Configure = C:\<Windows System folder>\ SystemConfig.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Windows System Configure = C:\<Windows System folder>\ SystemConfig.exe

The worm creates a folder named Media in the Windows system folder and creates several copies of itself in this folder using the following names:

Jenna Jamison Dildo Humping.exe
Pamela Anderson And Tommy Lee Home Video.exe
Alicia Silverstone Payboy Nude.exe
Kama Sutra Tetris.exe
Flash Golf.exe
Hoes For You Solitare.exe
Bingo.exe
Irc Client.exe
Mirc 7.0.exe
Email Bomber.exe
FileServer.exe
Kazaa Clone.exe
Napster Clone.exe
Winmx.exe
Website Hacker.exe
Hotmail Hacker.exe
Windows Hacker.exe
Free Porn.exe
Free Mpegs.exe
Free Pics.exe
Xbox Emulator.exe
Britney Spears Dance Beat.exe
Shakira Dancing.exe
J.Lo Bikini Screensaver.exe
Universal Game Crack.exe
Soldier Of Fortune 2 Mutiplayer Serial Hack.exe
Play Games Online For FREE.exe
Win A Ps2.exe
Win An Xbox.exe
Ps2 Emulator.exe
Ps2 Iso 2 Rom Converter.exe
Xbox Iso 2 Rom Converter.exe
The Sims Game Crack.exe
Working Iso Burner.exe
Winzip.exe
Winrar.exe
Winace.exe
System Monitor.exe
Warcraft 3 Battle.net Crack.exe


W32/Duload-A sets several entries under the registry entry
HKCU\Software\Kazaa so that the Media folder will become shared in the KaZaA network.

W32/Duload-A also downloads a file from thisistrash.0catch.com into C:\Uninstall.exe and executes it.

download Try Sophos products for free
Download now