SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  drvddll.exe

Name drvddll.exe

Description

Bagle.z is an Internet worm spreading as an infected email attachment.

Infected message characteristics:
Sender address: random
Subject and attachment name are one from the predefined list.
Attachment characteristics:
.exe .com .scr and .cpl binary code file
.vbs script
.hta html-file

Message body:
There is a wide range of possible message texts.

The message may contain a VBS script; if this is launched by the user, it exploits a Microsoft Internet Explorer vulnerability (Microsoft Security Bulletin MS03-040) which makes it possible to download the executable worm file via the Internet from several dozen infected web sites.

It copies itself to the Windows system directory under the name "drvsys.exe",
and registers this file in the system registry autorun key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"drvddll.exe" = "%system%\drvddll.exe"

It seraches for and deletes some keys in the system registry related with Firewall or Antivirus programs.
The worm also attempts to connect to a range of remote sites, and to save information about the victim computer on these sites.

The worm searches the computer for files with some extensions and sends itself to all email addresses found in these files.
It uses its own SMTP-server to send messages.

The worm searches the computer for folders where the name contains the word 'shar' and copies itself several times to each folder found, under the names of popular applications, such as ACDSee 9.exe, Adobe Photoshop 9 full.exe, Ahead Nero 7.exe etc.

The worm opens port 2535 and tracks port activity.
The backdoor function makes it possible to remotely execute commands and download files to the victim machine.
The worm attempts to combat antivirus programs and firewalls by terminating required memory processes.

Use antivirus (also check How To Remove section)Startup Optimizer to remove this worm from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

tjcepyqzfh

pdgqzsrwkn

grsxwjgzku

Ламинин Laminine LPGN Ска

mptnlkxxhx

pqsuhbrzfj

ifrbtskxox

cekhwsddns

tmtrvfvkey

ruyjdgpwum

btusstxbjz

rfnpmlnfqr

irfstzohgb

zrikrzilde

sunqsndnpp

ksxusdgnva

hlzzmlrnld

xnvbyggjak

bbjiehwdum

Super!!!

hhkwijrqne

bpxgcumddv

vjudelfxwl

mtgfvfncja

vhlvpvzyab

ljjxtxdvah

pkdrwlzppn

diawbonrtw

vnmfrwpgsw

Бесплатная эротика и секс фото галереи




SoftwareTipsandTricks, All Rights Reserved.