SoftwareTipsandTricks.com

  %windir1%\system\svchost.exe

Name %windir1%\system\svchost.exe

Description

I-Worm.Plexus.a
Plexus is an Internet worm which spreads in three different ways: as an email attachment, via file-sharing networks, and by exploiting the LSASS
and RPC DCOM vulnerabilities in MS Windows, as Sasser and Lovesan did respectively.
In addition, Plexus carries a potentially dangerous payload.

Upon execution, the worm displays a fake error message, chosen at random from a predefined list:
- CRC checksum failed.
- Pack method not implemented.
- Could not initialize installation. File size expected=26523, size returned=26344.
- File is corrupted.

Plexus copies itself into the Windows\System32 directory as upu.exe.
It then installs two files:
- a file named setpupex.exe to the Windows\System32 directory
- a file named svchost.exe to the Windows root directory - the main module of Plexus.a.

Plexus copies itself to shared folders and accessible network resources under different names.
Plexus exploits the LSASS vulnerability described in MS Security Bulletin MS04-011.
Plexus also exploits the DCOM RPC vulnerability described in MS Security Bulletin MS03-026, just like last year's Lovesan.

Plexus searches local disks for files with the following extensions: htm; html; php; tbb; txt
and sends copies of itself to all email addresses found in these files.

Plexus attempts to prevent Kaspersky Anti-Virus databases from being updated by replacing the contents of the 'hosts' file in
Windows\System32\drivers\etc\hosts with the following data:
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads-eu1.kaspersky-labs.com
127.0.0.1 downloads-us1.kaspersky-labs.com

Plexus opens and listens on port 1250, making it possible for files to be remotely loaded onto the victim machine and launched.
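
The indicators in the description above can be checked mechanically. The following is an added example, not part of the original entry: it scans hosts-file text for kaspersky-labs.com names pinned to a loopback address and compares a file listing against the three drop locations named above. The function names, the C:\Windows default and the sample data are assumptions made for illustration.

```python
import ipaddress

# Indicators taken from the description above; paths are relative to the Windows directory.
DROPPED_FILES = (r"System32\upu.exe", r"System32\setpupex.exe", r"svchost.exe")
BLOCKED_SUFFIX = "kaspersky-labs.com"


def loopback_redirects(hosts_text, suffix=BLOCKED_SUFFIX):
    """Return (line_no, address, hostname) for hosts entries pinning *.suffix to loopback."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid hosts entry
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in fields[1:]:                  # one line may carry several aliases
            name = name.lower().rstrip(".")
            if name == suffix or name.endswith("." + suffix):
                hits.append((line_no, str(addr), name))
    return hits


def dropped_files_present(existing_paths, windir=r"C:\Windows"):
    """Return the Plexus file locations from the description that appear in a file listing."""
    seen = {p.lower() for p in existing_paths}
    wanted = [windir + "\\" + rel for rel in DROPPED_FILES]
    return [w for w in wanted if w.lower() in seen]


# Constructed sample data (not from a real host).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1   Downloads-EU1.Kaspersky-Labs.com  # mixed case, extra spaces
#127.0.0.1 downloads2.kaspersky-labs.com
192.0.2.10 intranet.example
"""
SAMPLE_FILES = [r"C:\Windows\System32\svchost.exe", r"C:\Windows\svchost.exe",
                r"C:\WINDOWS\system32\upu.exe"]

if __name__ == "__main__":
    print(loopback_redirects(SAMPLE_HOSTS))
    print(dropped_files_present(SAMPLE_FILES))
```

The legitimate Windows svchost.exe lives in System32, so only the copy in the Windows root directory is reported.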

Automatic removal:
Remove it from startup using antivirus software or Startup Optimizer (also check the How To Remove section).

