SoftwareTipsandTricks.com

  %windir1%\system\svchost.exe

Name %windir1%\system\svchost.exe

Description

I-Worm.Plexus.a
Plexus is an Internet worm that spreads in three different ways: as an email attachment, via file-sharing networks, and by exploiting the LSASS
and RPC DCOM vulnerabilities in MS Windows, as Sasser and Lovesan do respectively.
In addition, Plexus carries a potentially dangerous payload.

Upon execution, the worm displays a fake error message, chosen at random from a predefined list:
- CRC checksum failed.
- Pack method not implemented.
- Could not initialize installation. File size expected=26523, size returned=26344.
- File is corrupted.

Plexus copies itself into the Windows\System32 directory as upu.exe.
It then installs two files:
- a file named setpupex.exe to the Windows\System32 directory
- a file named svchost.exe to the Windows root directory - the main module of Plexus.a.

Plexus copies itself to shared folders and accessible network resources under different names.
Plexus exploits the LSASS vulnerability described in MS Security Bulletin MS04-011.
Plexus also exploits the DCOM RPC vulnerability described in MS Security Bulletin MS03-026, just like last year's Lovesan.

Plexus searches local disks for files with the following extensions: htm; html; php; tbb; txt
and sends copies of itself to all email addresses found in these files.

Plexus attempts to prevent Kaspersky Anti-Virus databases from being updated by replacing the contents of the 'hosts' file in
Windows\System32\drivers\etc\hosts with the following data:
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads-eu1.kaspersky-labs.com
127.0.0.1 downloads-us1.kaspersky-labs.com
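
The hosts-file change described above can be checked for directly. The following is an added example, not part of the original description: a small Python parser that flags hosts entries pointing antivirus update names at a loopback or unspecified address. The function names, the watched-suffix list and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# Suffix taken from the hosts entries listed above; extend for other vendors.
WATCHED_SUFFIXES = ("kaspersky-labs.com",)

def is_local_sink(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal, so not a valid hosts entry
    return ip.is_loopback or ip.is_unspecified

def find_blocked_hosts(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for watched names sent to a local sink."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if len(fields) < 2 or not is_local_sink(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.append((line_no, fields[0], host))
    return findings

# Constructed sample: default entry, two entries of the kind described above,
# a commented-out entry, a non-local address, and a look-alike name.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1\tDownloads-EU1.Kaspersky-Labs.com intranet.example
# 127.0.0.1 downloads2.kaspersky-labs.com
10.0.0.5 downloads4.kaspersky-labs.com
127.0.0.1 notkaspersky-labs.com
"""

if __name__ == "__main__":
    for line_no, addr, host in find_blocked_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

This check only covers redirection to local addresses, as in the entries listed above; on a real system, pass it the contents of Windows\System32\drivers\etc\hosts.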

Plexus opens and tracks port 1250, making it possible for files to be remotely loaded onto the victim machine and launched.

Automatic removal:
Remove it from startup by antivirus (also check the How To Remove section) Startup Optimizer.

