Sophos

W32/VBSilly-A

Aliases
  • P2P-Worm.Win32.VB.dh
  • W32/Generic.d

Summary

 
How it spreads
  • Peer-to-peer
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Protection available since: 25 November 2005 00:22:04 (GMT)
Detected by All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

More Information

W32/VBSilly-A is a worm for the Windows platform.

W32/VBSilly-A spreads via file sharing on P2P networks.

When first run, W32/VBSilly-A copies itself to:

<System>\DBExecCom.exe

It also makes over 4000 copies of itself in popular file sharing locations on the local drive. Example filenames include:

<Desktop>\BearShare\++Members Area++.exe
<Desktop>\BearShare\Borland Delphi.exe
<User>\Documents\My Music\10000 Playstation Cheats.exe
<User>\Documents\My Music\300 Things To Do When You Are Bored.exe
<User>\Documents\My Music\Blow Up Britneys Boobs.exe
<User>\Documents\My Music\Setup.exe
<User>\Documents\My Music\WinAmp Skin Generator.exe
<Common Files>\Microsoft Shared\AOL Hacker.exe
<Common Files>\Microsoft Shared\Cakewalk Sonar Latest.exe
<Program Files>\KaZaA Lite\My Shared Folder\Adult XXX Game.exe
<Program Files>\KaZaA Lite\My Shared Folder\MS Powerpoint Crack.exe
<Program Files>\KaZaA Lite\My Shared Folder\Need For Speed Underground.exe
<Program Files>\Kmd\My Shared Folder\Lord Of The Rings PC Crack.exe
<Program Files>\Limewire\My Shared Folder\Ipod.exe
<Program Files>\MSN Messenger\shared folder\DOS 6.2.exe
<Program Files>\MSN Messenger\shared folder\Macromedia Flash Full KeyGeN.exe
<Program Files>\Messenger\shared folder\Final Fantasy Setup.exe
<Program Files>\Morpheus\My Shared Folder\Email.exe
<Program Files>\Morpheus\My Shared Folder\Explorer.exe
<Program Files>\Shareaza\Briana Banks.exe
<Program Files>\bearshare\Adobe AllProducts Activation.exe
<Program Files>\bearshare\shared\Rollercoaster Tycoon 2Crack+Serial.exe
<Program Files>\eDonkey2000\My Shared Folder\Ibiza Anthems.exe
<Program Files>\icq\shared files\Kazaa Accelerator Plus.exe
<Program Files>\icq\shared files\xxx.exe

W32/VBSilly-A creates the following registry entries to run DBExecCom.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Win Validation Application
<System>\DBExecCom.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Win Validation Application
<System>\DBExecCom.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Win Validation Application
<System>\DBExecCom.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Win Validation Application
<System>\DBExecCom.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Win Validation Application
<System>\DBExecCom.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Win Validation Application
<System>\DBExecCom.exe
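
The following read-only PowerShell check is an added example, not Sophos code. It looks for the "Win Validation Application" value under the six keys listed above and for DBExecCom.exe in the system directory. It assumes <System> is the Windows system directory, and it also checks the SysWOW64 and WOW6432Node locations where a 32-bit program's writes land on 64-bit Windows.

```powershell
# Added example: read-only triage for the W32/VBSilly-A artifacts listed above.
# Assumptions: <System> is the Windows system directory; on 64-bit Windows a
# 32-bit program's writes land in SysWOW64 and HKLM\SOFTWARE\WOW6432Node.
$valueName = 'Win Validation Application'
$fileName  = 'DBExecCom.exe'
$bases = 'HKCU:\Software\Microsoft\Windows\CurrentVersion',
         'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
         'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'

$hits = @()
foreach ($base in $bases) {
    foreach ($sub in 'Run', 'RunOnce', 'RunServices') {
        $path = Join-Path $base $sub
        if (-not (Test-Path -LiteralPath $path)) { continue }  # key may not exist
        $key = Get-Item -LiteralPath $path
        # -contains is case-insensitive, matching registry value-name semantics
        if ($key.GetValueNames() -contains $valueName) {
            $hits += [pscustomobject]@{
                Artifact = 'Registry value'
                Location = $path
                Detail   = [string]$key.GetValue($valueName)
            }
        }
    }
}

# Check the native system directory and, if present, the 32-bit one.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Select-Object -Unique
foreach ($dir in $dirs) {
    $file = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $hits += [pscustomobject]@{
            Artifact = 'File'
            Location = $file
            Detail   = 'SHA256 ' + (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
    }
}

if ($hits.Count -gt 0) { $hits | Format-Table -AutoSize -Wrap }
else { Write-Output 'No W32/VBSilly-A persistence artifacts from this description were found.' }
```

The HKCU checks cover only the account running the script, so run it in the session of each user being examined.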
