Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

WORM.KOLAB.BDE

 

 

Name: Worm.Kolab.bde
Added: November 25, 2011
Type: Worm
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003

 

 


 

 

Description:

 

When Worm.Kolab.bde is executed, it drops the following files:

%System%\ap
%System%\Install.exe
%System%\sms.exe
%System%\sv.exe
%System%\vbzip10.dll
%Rootdrive%\tinko

It creates or modifies the following registry entries. These are Run keys, so the listed programs are launched at logon:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winupdate = "%System%\sv.exe"
sms = "%System%\sms.exe"

HKU\Software\Microsoft\Windows\CurrentVersion\Run
winupdate = "%System%\sv.exe"
sms = "%System%\sms.exe"

Worm.Kolab.bde spreads via removable drives and shared drives by dropping the following files:

%RemovableDrive%Autorun.inf
%RemovableDrive%install.exe

It may connect to the following domain on port 8080:

ns2.tXXXuisness.co

 

 

 

 

 

 

 