SoftwareTipsandTricks.com
  drvddll.exe

Name drvddll.exe

Description

Bagle.z is an Internet worm spreading as an infected email attachment.

Infected message characteristics:
Sender address: random
Subject and attachment name: each is taken from a predefined list.
Attachment types:
.exe, .com, .scr and .cpl binary code files
.vbs script
.hta HTML file

Message body:
There is a wide range of possible message texts.

The message may contain a VBS script; if this is launched by the user, it exploits a Microsoft Internet Explorer vulnerability (Microsoft Security Bulletin MS03-040) which makes it possible to download the executable worm file via the Internet from several dozen infected web sites.

It copies itself to the Windows system directory under the name "drvsys.exe",
and registers this file in the system registry autorun key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"drvddll.exe" = "%system%\drvddll.exe"

It searches for and deletes some keys in the system registry related to firewall or antivirus programs.
The worm also attempts to connect to a range of remote sites, and to save information about the victim computer on these sites.

The worm searches the computer for files with some extensions and sends itself to all email addresses found in these files.
It uses its own SMTP-server to send messages.

The worm searches the computer for folders where the name contains the word 'shar' and copies itself several times to each folder found, under the names of popular applications, such as ACDSee 9.exe, Adobe Photoshop 9 full.exe, Ahead Nero 7.exe etc.

The worm opens port 2535 and tracks port activity.
The backdoor function makes it possible to remotely execute commands and download files to the victim machine.
The worm attempts to combat antivirus programs and firewalls by terminating the processes they rely on in memory.

Use antivirus (also check the How To Remove section) and Startup Optimizer to remove this worm from startup.
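The indicators described above can be checked offline against data collected from a suspect machine. The following is an added example, not part of the original entry: it assumes saved text output of `reg query` for the Run key and of `netstat -an`, plus a file listing; the function names and sample data are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators from the description above; the lure list is only the page's three examples.
WORM_FILES = {"drvsys.exe", "drvddll.exe"}
BACKDOOR_PORT = "2535"
LURE_NAMES = {"acdsee 9.exe", "adobe photoshop 9 full.exe", "ahead nero 7.exe"}

def check_run_key(reg_query_output):
    """Flag Run values whose name or data mentions a worm file name."""
    hits = []
    for line in reg_query_output.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_\w+\s{2,}(.*)$", line)
        if m and any(f in m.group(1).lower() or f in m.group(2).lower()
                     for f in WORM_FILES):
            hits.append(m.group(1))
    return hits

def check_listeners(netstat_output):
    """Flag TCP sockets listening on the backdoor port (IPv4 or IPv6)."""
    hits = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if (len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING"
                and parts[1].rsplit(":", 1)[-1] == BACKDOOR_PORT):
            hits.append(parts[1])
    return hits

def check_shared_copies(paths):
    """Flag lure-named files sitting under a folder whose name contains 'shar'."""
    hits = []
    for p in paths:
        path = PureWindowsPath(p)
        in_share = any("shar" in part.lower() for part in path.parts[:-1])
        if in_share and path.name.lower() in LURE_NAMES:
            hits.append(p)
    return hits

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    drvddll.exe    REG_SZ    C:\WINDOWS\system32\drvddll.exe
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135     0.0.0.0:0    LISTENING
  TCP    0.0.0.0:2535    0.0.0.0:0    LISTENING
"""
SAMPLE_PATHS = [r"C:\Users\test\My Shared Folder\Ahead Nero 7.exe",
                r"C:\Tools\Ahead Nero 7.exe"]
```

A hit from any one check is a lead rather than proof: the same file name outside a 'shar' folder is deliberately not flagged, and port 2535 may be used by unrelated software.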

