SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  GigaByte.exe

Name GigaByte.exe

Description

W32.HLLP.Shodi.B is a virus that prepends itself to the files that have a .exe extension.
The backdoor is configured to listen on TCP ports 6351 and 6352.
Searches for the files that have the .exe extensions on all the hard drives, starting with drive C.
The worm searches all the folders on the hard drive, except those with the following names: Windows; System; System32
It does not infect the files that have the following names: IEXPLORE.EXE; ccApp.exe; ccRegVfy.exe
Prepends itself to some of the files that it finds.

If the worm is executed on May 5, 2005, the virus will display a message box containing the text:
Important !!! Please read this The Next is in Arabic
followed by Arabic text.

Extracts the original host file to a file with a .ogr extension, and then executes it.
For example, if Notepad.exe is infected, the virus will extract the original Notepad program to Notepad.ogr, and then will run it.

Attempts to install a backdoor to an infected system by creating the following files:
%System%\oobb.exe: An installer detected as Backdoor.Trojan.
%System%\Cheatle.exe: A VB application detected as Backdoor.Trojan.
%System%\GigaByte.exe: A remote administration tool detected as Remacc.Radmin.
%System%\AdmDll.dll: A .dll component of Remacc.Radmin.
%Windir%\r_server.exe: Another copy of GigaByte.exe.
%Windir%\start.exe: Another copy of Cheatle.exe.

If these files are successfully dropped, they will add the following entries
"Cheatle"="%System%\GigaByte.exe /port:6351 /pass:hellomine"
"GigaByte"="%System%\Cheatle.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Automatic removal:
Use antivirus (also check How To Remove section)Startuip Optimizer to remove this worm.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

vzajvzhgli

kzcwyymgcw

vfrxcfcsju

prwtgwwbov

ihfkwtsape

bqwlwicggo

tgbofionkp

asian mail order brides

wpuurbvdqs

ucmpjfbpbo

vpifzltrtf

hfztoyhkho

Continuar

zvgyswxnll

hdygkksxsp

Клей для терм&

New spot

lbrkoeuojv

azlmwhuwwu

mxrphbojtr

vgioubijmk

xvblwcavth

cezecwhdfv

wbynwvxohf

essay writing service

kvvtvwomtw

ndbkobrsnc

tahohiwkif

ogtkcpnpha

olkgaighyr




SoftwareTipsandTricks, All Rights Reserved.