Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 23 May 2006 21:17:32 (GMT) |
| Last updated | 25 June 2006 19:51:45 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Feebs-AQ is a worm for the Windows platform.
W32/Feebs-AQ spreads via file sharing on P2P networks.
When first run, W32/Feebs-AQ copies itself to:
<Windows system folder>\ms??
<Windows system folder>\ms??.exe
where ?? are randomly chosen characters.
The worm also creates the file
<Windows system folder>\ms??32.dll
which is also detected as W32/Feebs-AQ.
The following registry entry is created to run code exported by the worm library on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
ms??32.dll
(<CLASS ID>)
The file ms??32.dll is registered as a COM object, creating registry entries under:
HKCR\CLSID\(<CLASS ID>)
W32/Feebs-AQ creates ZIP archives containing a copy of the worm in folders used by peer-to-peer applications.
The ZIP files have the following names:
3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip
ACDSee_9_new!_full+crack.zip
Adobe_Photoshop_10_(CS3)_new!_full+crack.zip
Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip
Ahead_Nero_8_new!_full+crack.zip
DivX_7.0_new!_full+crack.zip
ICQ_2006_new!_full+crack.zip
Internet_Explorer_7_new!_full+crack.zip
Kazaa_4_new!_full+crack.zip
Longhorn_new!_full+crack.zip
Microsoft_Office_2006_new!_full+crack.zip
winamp_5.2_new!_full+crack.zip
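The dropped-file names and the bait archive names described above can be turned into a triage check over a file listing. This is an added example, not Sophos code; the function name `triage`, the default system folder path, and the sample paths are assumptions, and it assumes the same two random characters are shared by the dropped files, which the description does not state.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Shapes taken from the description: ms??, ms??.exe and ms??32.dll in the
# Windows system folder, and P2P bait archives ending _new!_full+crack.zip.
DROP_RE = re.compile(r"^ms(?P<rnd>[^\\/.]{2})(?P<kind>|\.exe|32\.dll)$", re.IGNORECASE)
BAIT_RE = re.compile(r"_new!_full\+crack\.zip$", re.IGNORECASE)


def triage(paths, system_dir=r"C:\Windows\System32"):
    """Return (suspect_pairs, bait_archives) for a list of Windows paths.

    Assumption (not stated on the page): all dropped files share the same two
    random characters, so a pair is reported only when the DLL and at least
    one of the copies are present. A lone ms??.exe is ignored because
    legitimate files such as msdt.exe have the same shape.
    """
    sysdir = PureWindowsPath(system_dir)  # comparison is case-insensitive
    seen = defaultdict(set)
    bait = []
    for raw in paths:
        p = PureWindowsPath(raw)
        if BAIT_RE.search(p.name):
            bait.append(raw)
            continue
        m = DROP_RE.match(p.name)
        if m and p.parent == sysdir:
            seen[m.group("rnd").lower()].add(m.group("kind").lower())
    suspects = sorted(rnd for rnd, kinds in seen.items()
                      if "32.dll" in kinds and kinds & {"", ".exe"})
    return suspects, bait


# Constructed sample listing (not real telemetry).
SAMPLE = [
    r"C:\WINDOWS\system32\msqk",
    r"C:\WINDOWS\system32\msqk.exe",
    r"C:\WINDOWS\system32\msqk32.dll",
    r"C:\WINDOWS\system32\msdt.exe",  # same shape as a copy, but no matching DLL
    r"C:\Users\a\Shared\Kazaa_4_new!_full+crack.zip",
    r"C:\Users\a\Documents\report.zip",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A reported pair is a lead to confirm against the `ShellServiceObjectDelayLoad` value and the `HKCR\CLSID` entry listed above, not a verdict on its own.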
The worm sends email to addresses collected from files on the infected computer. Email sent by W32/Feebs-AQ contains an attached file with a ZIP file extension containing a variant of Troj/FeebDl.
