Threat Information for "Win32.HLLW.MyBot.based"
| Summary |
- Name: Win32.HLLW.MyBot.based
- Aliases: Worm/Rbot.172032.10, Win32:Trojano-352, IRC/BackDoor.SdBot2.EZC, Backdoor.SDBot.7F4521A2, DNAScan, Win32/RBot.Variant!Worm
- Date Discovered: 2006-08-21
- Protection Added: 2006-08-22
| Description |
-- Ease of Removal
1: Uses running processes
2: Runs as a service
3: Consistent file contents
4: Consistently named
5: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes
1: Transmits personal data to remote computers
2: Opens backdoors [VIRUS ONLY]
3: Harvests nonspecific personal data

-- Damage/Intrusion/Annoyance
1: Autoruns at startup without an option to be disabled

-- Propagation/Saturation
1: Infects through a blind IP address attack [VIRUS ONLY]
2: Creates new files
3: Mimics legitimate file names
4: Displays fake error messages
5: Spreads from embedded code in an email [VIRUS ONLY]
6: Spreads from a link in an email
| Technical Details |
- Added Directory/File:
  FilePath: %SYSTEMDIR%\SERVICE.EXE-up.txt
- Added Directory/File:
  FilePath: %SYSTEMDIR%\service.exe
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: System Service
- Added Registry Value:
  Key: HKCU\Software\Microsoft\OLE
  Value: System Service
- Added Registry Value:
  Key: HKU\S-*\Software\Microsoft\OLE
  Value: System Service
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\RunServices
  Value: System Service

