It is a Trojan horse program with backdoor capabilities that spreads to network shares and allows a remote attacker to gain unauthorized access to an infected computer.
Steals confidential information.
Attempts to access the network share folder $IPC.
If the network share folder is password-protected, the Trojan attempts to gain access using predefined user names and passwords.
Opens a backdoor by connecting to the IRC server newuslut.parited.net on TCP port 6564, and listening for commands from a remote attacker.
These commands may allow a remote attacker to perform some of the following actions:
- Perform a Denial of Service (DoS) attack against a target host
- Retrieve system information
- Connect to a URL
- Upload and download files
- Execute programs
- Log keystrokes
- Sniff network packets
- Conduct port scans against other computers
- Steal the Windows Product ID
- Steals CD keys for the different games
Navigate to the keys:
and delete the value: "Windows media service"="crvss.exe"
Still have a problem? Ask for help at our discussion forum.