Sophos

W32/Harwig-B

Aliases
  • IM-Worm.Win32.Harwig.b

Summary

 
How it spreads
  • Chat programs
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 7 July 2005 13:01:35 (GMT)
Detected by All Sophos products


More Information

W32/Harwig-B is a worm for the Windows platform.

W32/Harwig-B opens MSN Messenger and sends one of the following three messages to any contacts:

man this is sick, check this shit, lol :P <URL>

Here u go: http://...

well? ;)

<URL> points to an executable file. At the time of writing, this URL was unavailable. The file may be another copy of W32/Harwig-B.

If W32/Harwig-B cannot find a copy of MSN Messenger on the infected computer, it will copy itself to <Windows>\abcdefg.exe.

The following registry entry is created to run abcdefg.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
System
<Windows>\abcdefg.exe

W32/Harwig-B includes functionality to change security settings and modify the HOSTS file.

The following registry entry is set, affecting internet security:

HKLM\SYSTEM\Controlset001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

W32/Harwig-B modifies the HOSTS file, changing the hostname-to-IP mappings for selected websites and so preventing normal access to these sites. The new HOSTS file will typically contain the following:

127.0.0.1 messenger.hotmail.com
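
A triage check for the two artifacts described above (the HOSTS redirect and the Run entry), as an added example that is not Sophos code. It assumes "System" is the Run value name and the abcdefg.exe path is its data, and that the caller has already read the HOSTS text and the Run key values; the sample inputs are constructed.

```python
import ipaddress
import ntpath

# Indicators taken from the description above.
WATCHED_HOSTS = {"messenger.hotmail.com"}
RUN_VALUE_NAME = "System"      # assumed to be the Run value name
DROPPED_FILE = "abcdefg.exe"


def hosts_redirects(hosts_text, watched=WATCHED_HOSTS):
    """Return (line_no, ip, host) for watched names pinned to loopback/0.0.0.0."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not a mapping
        if not (ip.is_loopback or ip.is_unspecified):
            continue
        for name in fields[1:]:  # one line may map several hostnames
            host = name.lower().rstrip(".")
            if host in watched:
                hits.append((line_no, str(ip), host))
    return hits


def run_key_hits(run_values):
    """run_values: iterable of (value_name, data) pairs read from the Run key."""
    hits = []
    for name, data in run_values:
        exe = ntpath.basename(data.strip().strip('"')).lower()
        if name.lower() == RUN_VALUE_NAME.lower() and exe == DROPPED_FILE:
            hits.append((name, data))
    return hits


# Constructed sample input, not captured from a real host.
SAMPLE_HOSTS = """127.0.0.1       localhost
127.0.0.1\tMessenger.Hotmail.com   # constructed entry
# 127.0.0.1 messenger.hotmail.com
"""
SAMPLE_RUN = [("System", r"C:\WINDOWS\abcdefg.exe"), ("Updater", r"C:\Tools\upd.exe")]

if __name__ == "__main__":
    print(hosts_redirects(SAMPLE_HOSTS))
    print(run_key_hits(SAMPLE_RUN))
```

Commented-out lines and mappings to routable addresses are ignored, so a hit means the name is actively pinned to the local machine.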
