Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | April 2008 (4.28) |
| Protection available since | 9 February 2008 03:08:01 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Feebs-CB is a worm for the Windows platform.
When first run, W32/Feebs-CB copies itself to:
<System>\ms??.exe
<System>\ms??
where ?? are randomly chosen letters, and creates the following file:
<System>\ms??32.dll
MS??32.dll is also detected as W32/Feebs-CB.
The file ms??32.dll is registered as a COM object, creating registry entries under:
HKCR\CLSID\{<randomly generated CLSID>}
The following registry entry is created to run code exported by ms??32.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
ms??32.dll
{<randomly generated CLSID>}
Registry entries are also created under:
HKLM\SOFTWARE\Microsoft\MS??
where ?? are further randomly chosen letters.
To spread across peer-to-peer networks, the worm creates the following files in various shared folders:
3dsmax_10_(3D_Studio_Max)_new!_full+crack.zip
ACDSee_10_new!_full+crack.zip
Adobe_Photoshop_11_(CS34)_new!_full+crack.zip
Adobe_Premiere_10_(3.0_pro)_new!_full+crack.zip
Ahead_Nero_8_new!_full+crack.zip
DivX_8.0_new!_full+crack.zip
ICQ_2007_new!_full+crack.zip
Internet_Explorer_7_new!_full+crack.zip
Kazaa_4_new!_full+crack.zip
Microsoft_Office_2006_new!_full+crack.zip
Vista_Final_new!_full+crack.zip
winamp_7_new!_full+crack.zip
Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Feebs-CB (detected as Mal/Packer) since version 4.20.
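
The following is an added example, not Sophos code: it checks a host inventory for the artefacts described above and correlates them, because a lone ms??.exe match also hits legitimate Windows tools. Assumptions: the same two letters are shared by ms??.exe, ms?? and ms??32.dll, the lure match uses the suffix common to the listed names, and the function name `triage` and the inventory data are constructed for illustration.

```python
import re

# "??" in the description is two random letters. Assumption: the same pair is
# shared by ms??.exe, ms?? and ms??32.dll on one machine.
DLL = re.compile(r"ms([a-z]{2})32\.dll")
CLSID = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
LURE_SUFFIX = "_new!_full+crack.zip"  # suffix common to the listed file names


def triage(system_files, ssodl_values, shared_files):
    """Return (findings, lures) for one host's inventory.

    system_files: file names in the Windows system folder
    ssodl_values: {value name: data} under ShellServiceObjectDelayLoad
    shared_files: file names found in peer-to-peer shared folders
    """
    names = {f.lower() for f in system_files}
    autoruns = {k.lower() for k, v in ssodl_values.items() if CLSID.fullmatch(v)}
    findings = []
    for name in sorted(names):
        m = DLL.fullmatch(name)
        if not m:
            continue
        stem = "ms" + m.group(1)
        copies = [c for c in (stem + ".exe", stem) if c in names]
        # A lone ms??.exe is not enough: msdt.exe and msra.exe are Windows tools.
        if copies or name in autoruns:
            findings.append({"dll": name, "copies": copies,
                             "autorun": name in autoruns})
    lures = sorted(f for f in shared_files if f.lower().endswith(LURE_SUFFIX))
    return findings, lures


# Constructed inventory (not taken from a real infection).
SYSTEM = ["kernel32.dll", "msdt.exe", "msra.exe", "msqk.exe", "msqk", "msqk32.dll"]
SSODL = {"ExampleLegit": "{11111111-2222-3333-4444-555555555555}",
         "msqk32.dll": "{1A2B3C4D-0000-4000-8000-123456789ABC}"}
SHARED = ["holiday_photos.zip", "Kazaa_4_new!_full+crack.zip"]

if __name__ == "__main__":
    print(triage(SYSTEM, SSODL, SHARED))
```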
