SoftwareTipsandTricks.com
  hxdef.exe

Name hxdef.exe

Description

W32.Lovgate.R@mm is a variant of W32.Lovgate@mm.
It is a mass-mailing worm that attempts to email itself to all the email addresses that it finds on the computer.
The "sender" of the email is spoofed, and the subject line and message body of the email vary.
Also known as W32/Lovgate.x@MM, I-Worm.LovGate.w

Copies itself as these files:
%System%\Hxdef.exe

Adds the values:
"Hardware Profile"="%System%\hxdef.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Adds the value: "SystemTra"="%Windir%\Systra.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Adds the values:
"run"="RAVMOND.exe"
to the registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

May create the subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ZMXLIB1

Stops the following services: Rising Realtime Monitor Service, Symantec Antivirus Server, Symantec Client.
Scans all the computers on the local network, and uses the following passwords to attempt to log in as "Administrator."
Starts an FTP server on a random port, no authentication required, which means that the infected computer is accessible to anyone.
Creates the file, Autorun.inf, in the root folder of all the drives, except the CD-ROM drives, and copies itself as Command.com into that folder.

Scans every drive whose type is removable or mapped, and every fixed drive with a drive letter greater than E.
On each of these drives, the worm does the following:
Attempts to rename the extension on all .exe files to .zmx.
Sets the attributes to Hidden and System on these files.
Copies itself as the original file name.
For example, if the worm finds OriginalFile.exe, it will be renamed to OriginalFile.zmx. The worm will then copy itself as OriginalFile.exe.
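
The file traces described above (a .zmx file sitting next to an .exe of the same name, and Autorun.inf together with Command.com in a drive root) can be checked for with a short script. This is an added example, not part of the original entry; the function name find_lovgate_file_traces and the directory passed on the command line are assumptions made for illustration.

```python
import os
import sys

# Windows attribute bits; st_file_attributes exists only on Windows.
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


def find_lovgate_file_traces(root):
    """Return (pairs, autorun_drop) for the directory tree under root.

    pairs: sorted list of (zmx_path, exe_path, hidden_and_system) for every
    .zmx file that has an .exe with the same base name in the same folder.
    autorun_drop: True if root holds both Autorun.inf and Command.com.
    """
    pairs = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {name.lower(): name for name in files}
        for lower, name in by_lower.items():
            stem, ext = os.path.splitext(lower)
            if ext != ".zmx":
                continue
            twin = by_lower.get(stem + ".exe")
            if twin is None:
                continue  # a lone .zmx file is not the pattern described
            zmx_path = os.path.join(dirpath, name)
            attrs = getattr(os.stat(zmx_path), "st_file_attributes", 0)
            hidden_system = bool(attrs & FILE_ATTRIBUTE_HIDDEN) and bool(
                attrs & FILE_ATTRIBUTE_SYSTEM
            )
            pairs.append((zmx_path, os.path.join(dirpath, twin), hidden_system))
    top_level = {name.lower() for name in os.listdir(root)}
    autorun_drop = {"autorun.inf", "command.com"} <= top_level
    return sorted(pairs), autorun_drop


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found, dropped = find_lovgate_file_traces(target)
    for zmx, exe, hs in found:
        print(f"renamed original: {zmx} (hidden+system={hs}); suspect copy: {exe}")
    if dropped:
        print(f"Autorun.inf and Command.com both present in {target}")
```

In each reported pair the .zmx file is the renamed original and the .exe is the suspect copy, so the .exe should be quarantined rather than run.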

Attempts to spread to other computers by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
Scans the system WAB file, temporary Internet files, and all the fixed and RAM disks, and sends itself to all the email addresses that it finds.
Uses its own SMTP engine to send itself to the email addresses that it finds in step 25 and 26.

Automatic removal:
Use antivirus software (also check the How To Remove section) or Startup Optimizer to remove it from startup.

