Name %windir1%\system\svchost.exe


Plexus is an Internet worm that spreads in three different ways: as an email attachment, via file-sharing networks, and by exploiting the LSASS
and RPC DCOM vulnerabilities in MS Windows, as Sasser and Lovesan do respectively.
In addition, Plexus carries a potentially dangerous payload.

Upon execution, the worm displays a fake error message, chosen at random from a predefined list:
- CRC checksum failed.
- Pack method not implemented.
- Could not initialize installation. File size expected=26523, size returned=26344.
- File is corrupted.

Plexus copies itself into the Windows\System32 directory as upu.exe.
It then installs two files:
- a file named setpupex.exe to the Windows\System32 directory
- a file named svchost.exe to the Windows root directory - the main module of Plexus.a.

Plexus copies itself to shared folders and accessible network resources under different names.
Plexus exploits the LSASS vulnerability described in MS Security Bulletin MS04-011.
Plexus also exploits the DCOM RPC vulnerability described in MS Security Bulletin MS03-026, just like last year's Lovesan.

Plexus searches local disks for files with the following extensions: htm; html; php; tbb; txt
and sends copies of itself to all email addresses found in these files.

Plexus attempts to prevent Kaspersky Anti-Virus databases from being updated by replacing the contents of the 'hosts' file in
Windows\System32\drivers\etc\hosts with the following data:

Plexus opens and listens on port 1250, making it possible for files to be remotely loaded onto the victim machine and launched.

Automatic removal:
Remove it from startup with an antivirus tool or Startup Optimizer (also check the How To Remove section).
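
The indicators described above (the dropped file names, the misplaced svchost.exe, port 1250 and the tampered hosts file) can be checked together against a host snapshot. This is an added example, not part of the original page: the function name, finding labels and sample data are constructed, and matching hosts entries on the word "kaspersky" is an assumption because the page does not show the replaced data.

```python
import ntpath

# Indicators below come from the description on this page; the matching
# logic and the sample snapshot are constructed for illustration.
DROPPED_IN_SYSTEM32 = {"upu.exe", "setpupex.exe"}
BACKDOOR_PORT = 1250

def plexus_findings(windir, file_paths, listening_ports, hosts_text):
    r"""Return (indicator, detail) tuples for one host snapshot.

    windir is the Windows root (e.g. C:\WINDOWS), file_paths the full paths
    found on disk, listening_ports the listening TCP ports, and hosts_text
    the contents of System32\drivers\etc\hosts.
    """
    win = ntpath.normcase(ntpath.normpath(windir))
    sys32 = ntpath.join(win, "system32")
    # The genuine svchost.exe lives in System32. The page places the worm's
    # copy in the Windows root and names the entry with a \system\ path.
    fake_svchost_dirs = {win, ntpath.join(win, "system")}
    findings = []
    for path in file_paths:
        folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        if name == "svchost.exe" and folder in fake_svchost_dirs:
            findings.append(("svchost-outside-system32", path))
        elif name in DROPPED_IN_SYSTEM32 and folder == sys32:
            findings.append(("dropped-file", path))
    if BACKDOOR_PORT in set(listening_ports):
        findings.append(("listening-port", str(BACKDOOR_PORT)))
    for line in hosts_text.splitlines():
        entry = line.split("#", 1)[0].split()
        # Assumption: the page does not show the replaced hosts data, so any
        # mapping whose host name mentions Kaspersky is flagged for review.
        for host in entry[1:]:
            if "kaspersky" in host.lower():
                findings.append(("hosts-override", f"{entry[0]} {host}"))
    return findings

# Constructed sample snapshot (not real telemetry).
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\svchost.exe",  # legitimate location, not flagged
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\System32\upu.exe",
    r"C:\WINDOWS\System32\setpupex.exe",
]
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 updates.kaspersky.example\n"

if __name__ == "__main__":
    for finding in plexus_findings(r"C:\WINDOWS", SAMPLE_FILES, [135, 1250], SAMPLE_HOSTS):
        print(finding)
```

Path comparison is case-insensitive, so `System32` and `system32` are treated as the same folder.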
