...Net-Worm.Win32.Kido.ih Detected | Feb 20 2009 07:04 GMT | Released | Apr 02 2009 16:24 GMT | Published | Feb 20 2009 07:04 GMT | Manual description Auto description This description was created by experts at Kaspersky Lab. It contains the most accurate information available about this program. Manual description Auto description This is a description which has been automatically generated following analysis of this program on a test machine. This description may contain incomplete or inaccurate information. Technical Details Payload Removal instructions Technical Details This network worm spreads via local networks and removable storage media. The program itself is a Windows PE DLL file. The worm components vary in size from 155KB to 165KB. It is packed using UPX. Installation The worm copies its executable file with random names as shown below: %System%\<rnd> %Program Files%\Internet Explorer\<rnd>.dll %Program Files%\Movie Maker\<rnd>.dll %All Users Application Data%\<rnd>.dll %Temp%\<rnd>.dll %Temp%\<rnd>.tmp <rnd> is a random string of symbols. In order to ensure that the worm is launched next time the system is started, it creates a system service which launches the worm’s executable file each time Windows is booted. The following registry key will be created: [HKLM\SYSTEM\CurrentControlSet\Services\netsvcs] ...
Words: 1158 - Pages: 5