SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  inetman.exe

Name inetman.exe

Description

W32.HLLW.Donk.O is a worm that spreads through open network shares and attempts to exploit the Microsoft DCOM RPC vulnerability.

Creates copies of itself as:
%System%\inetman.exe
%System%\cool.exe

Adds the value:
"Microsoft System Checkup"="inetman.exe"
"NT Logging Service"= "syslog32.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Adds the value: "Microsoft System Checkup"="inetman.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Generates a random IP address.
Attempts to exploit the DCOM RPC vulnerability (as described in Microsoft Security Bulletin MS03-026) by sending data on TCP port 135 to the generated IP address.
Creates a hidden, remote shell process that listens on TCP port 4444, allowing an attacker to issue remote commands on an infected system.
Ends the processes of many firewall and antivirus programs.

Attempts to copy itself to the administrative shares using different user names and passwords.
If successful, the worm will copy itself to the remote systems.

Attempts to download and execute the following files from a series of predetermined Web servers:
- %Temp%\upd32a.exe
- %Temp%\lpd32b.exe
- %System%\navinst.exe
- %Temp%\file.my3

Connects to the predetermined IRC servers and awaits commands from an attacker.
The backdoor provides the attacker with the following functions:
- Flood a specified host
- Download files from the attacker
- Execute files

Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

New Protrude

Unencumbered galleries

Matured purlieus

Реальные знак

Assignment servant moved

Grown up galleries

My new website

Благоустройс

Just started supplementary occupation

Rejuvenated network programme

Unshackle galleries

Wholesale NBA Jerseys Cheap

Stared new project

Gay blogging repair, Daily photos

Cheap Authentic NFL Jerseys

My unfamiliar website

Adult placement

My new suss out d evolve

Mature placement

My brand-new website

Full-grown galleries

Loose galleries

New Job

Further domestic stage instead of concoct

Callow Protrude

Recent install

yvxndl New workout styles go from running to the runway

Grown up site

Delivered adult galleries

Loose galleries




SoftwareTipsandTricks, All Rights Reserved.