W32/Gemel-A

Category: Viruses and Spyware Protection available since:27 Jan 2003 00:00:00 (GMT)
Type: Win32 worm Last Updated:27 Jan 2003 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Gemel-A is a worm which spreads via file sharing on KaZaA, Grokster, Morpheus and ICQ networks.

W32/Gemel-A runs continuously in the background and periodically copies itself to one of the following randomly chosen folders:

C:\Program Files\Grokster\My Grokster\
C:\ARCHIV~1\Grokster\My Grokster\
C:\Program Files\Morpheus\My Shared Folder\
C:\archiv~1\Morpheus\My Shared Folder\
C:\Program Files\ICQ\shared files\
C:\archiv~1\ICQ\shared files\
C:\Program Files\KaZaA\My Shared Folder\ or
C:\ARCHIV~1\KaZaA\My Shared Folder\

using a filename randomly chosen from:

Osama Movie
Britney_XXX_Pasion_Anal
Hotmail Hack
The Matrix.mp3.exe
Blink182.mp3
Spiderman movie
Spiderman Game
Internet gratis
Big Brother
Norton Antivirus 2002 Crack
Crack para Latinmail
Microsoft Windows XP Crack
Chistes de Osama
Trucos de King of Figther
Britney XXX Screen Saver
KUASANAGUI-GEDZAC
Codigos fuentes de Virus
or de los anillos
Worm Generator
AVP Crack
Musulmanes
Soda Estereo.mpeg
Crack WinZip
Atentados Terroristas
Hentai XXX ScreenSaver
Star Wars Episodio II
Padme Amidala
EUA vs AFGANISTAN
Script Hacker Mirc
VX Trader Mails
Osama Theme
Persiana Americana.mp3
Sexo Gratis
Ataque militar a Irak
Virus en cuarentena
Visual Basic Crack
The Lord of the rings
Postales sexuales
Ataques Terroristas
Atacan New York
Terrorismo
Torres Gemelas de Nueva York
La Zona Cero de NY
WTC Cementerio del Arte
Tragedia de las Torres Gemelas
ANTRAX
Guerra Bacteriologica
11 de Septiembre de 2001
Al-Qaeda
Osama Bin Laden
La Leyenda de Osama
AeroPitaras Suicidas
Llega el Antrax a M
Avionazo al Pentagono
Digimon
Hussein y Bin Laden
Videos de Osama Bin Laden
Bin Laden en M
Muertes por Antrax
Ana Kournikova XXX
Shakira anal
Britney anal
Cameron Diaz anal
Follar y Follar
Sexo Pudor y Lagrimas
Pokemon Movie
La Leyenda de Zelda
The Legend of Zelda
El microbito.mp3
Tom Crouse
Pamela Anderson Pasion Anal
Sexo ScreenSaver
Final Fantasy
Roms of PX2
Dragon Ball Z
Arroba Magazine
Anastacia anal sex
Shakira naked
Operacion Triunfo
Big Brother Vip
Amores Perros screen Saver
El Crimen del Padre Amaro.mpeg
McAfee Crack
WinZip
Pamela Anderson Screen Saver
Hentai Screen Saver
Per Antivirus Crack
Generador de passwords

and an extension of: EXE, PIF, COM, BAT or SCR.

When W32/Gemel-A is first run it drops a message file Torres_Gemelas.TXT in the Windows folder and launches Notepad to display the contents of this file.

W32/Gemel-A also creates a subfolder of the Windows folder named \Guindows, deletes the files C:\WINDOWS\REGEDIT.EXE and C:\WINDOWS\SYSTEM\MSCONFIG.EXE and creates or sets the registry entries

HKLM\Software\Microsoft\Windows\CurrentVersion\GEDZAC = 1

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\GEDZAC = C:\Windows\Guindows\GEDZAC.EXE

HKLM\Software\Microsoft\MessengerService\Policies\IMWarning = Tus archivos estan a salvo de GEDZAC?

HKLM\Software\Microsoft\Windows NT\
CurrentVersion\RegisteredOrganization = GEDZAC

HKLM\Software\Microsoft\Windows NT\
CurrentVersion\RegisteredOwner = Kuasanagui

HKCU\Software\CLASSES\CLSID\(450D8FBA-AD25-11D0-98A8-0800361B1103) InfoTip = "Tus archivos estan a salvo de GEDZAC? Stores your documents, graphics, and other files."

HKLM\Software\Microsoft\Windows\CurrentVersion\
RegisteredOrganization\GEDZAC = <Registered organization for computer>

and

HKLM\Software\Microsoft\Windows\CurrentVersion\
RegisteredOwner\Kuasanagui = <Registered owner for computer>

When W32/Gemel-A is run on September 11th a bitmap image is displayed depicting the World Trade Centre tragedy, with the title "Torres Gemelas" and a message box is displayed with the text "Te acuedas de esto?".

download Try Sophos products for free
Download now