Threat Information for "Win32.HLLW.Nert"
Summary
- Name: Win32.HLLW.Nert
- Aliases: Worm/IRCBot.9609, W32/Ircbot.TU, Win32:Ircbot-ABC, BackDoor.Generic3.GBC, Backdoor.IRCBot.st, Trojan.IRCBot-689
- Date Discovered: 2006-08-21
- Protection Added: 2006-08-25
Description
-- Ease of Removal
1: Creates new unique registry entries
2: File contents uniquely generated
3: Runs as a service
4: Consistently named
5: Consistent file contents
6: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes
1: Changes internet security settings
2: Transmits personal data to remote computers

-- Damage/Intrusion/Annoyance
1: Autoruns at startup without an option to be disabled
2: Modifies noncritical registry entries

-- Propagation/Saturation
1: Spreads by exploiting vulnerabilities [VIRUS ONLY]
2: Mimics legitimate file names
3: Creates new files
4: Infects through a blind IP address attack [VIRUS ONLY]
5: Infects through Internet Relay Chat (IRC) [VIRUS ONLY]
6: Infects through Peer-2-Peer Software
7: Displays fake error messages
Technical Details
- Added Directory/File:
  FilePath: %SYSTEMDIR%\wgareg.exe
  FileSize: 9609
  MD5: 9928a1e6601cf00d0b7826d13fb556f0
- Added Directory/File:
  FilePath: %WINDIR%\Debug\dcpromo.log
- Added Registry Key:
  Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WGAREG
- Added Registry Key:
  Key: HKLM\System\CurrentControlSet\Services\wgareg
- Added Registry Key:
  Key: HKLM\SYSTEM\CurrentControlSet\Services\wgareg
- Added Registry Value:
  Key: HKLM\SOFTWARE\Microsoft\security center
  Value: antivirusoverride
- Added Registry Value:
  Key: HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  Value: autoshareserver
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies\Microsoft\windowsfirewall\domainprofile
  Value: enablefirewall
- Added Registry Value:
  Key: HKLM\SOFTWARE\Microsoft\security center
  Value: firewalldisablenotify
- Added Registry Value:
  Key: HKLM\SOFTWARE\Microsoft\security center
  Value: antivirusdisablenotify
- Added Registry Value:
  Key: HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  Value: autosharewks
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies\Microsoft\windowsfirewall\standardprofile
  Value: enablefirewall
- Added Registry Value:
  Key: HKLM\SOFTWARE\Microsoft\security center
  Value: firewalldisableoverride

