SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  mschost.exe

Name mschost.exe

Description

W32.Blaster.K.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The worm targets only Windows 2000 and Windows XP computers.
It recommends that you block access to TCP port 4444 at the firewall level, and then block the following ports, if you do not use the following applications:
TCP Port 135, "DCOM RPC"
UDP Port 69, "TFTP"

The worm also attempts to perform a Denial of Service (DoS) on the Microsoft Windows Update Web server (windowsupdate.com).
This is an attempt to prevent you from applying a patch on your computer against the DCOM RPC vulnerability.

When worm is executed, it does the following:
Generates an IP address and attempts to infect the computer that has that address.
Sends data on TCP port 135 that may exploit the DCOM RPC vulnerability. The worm sends one of two types of data: either to exploit Windows XP or Windows 2000.
Uses Cmd.exe to create a hidden remote shell process that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system.
Listens on UDP port 69. When the worm receives a request from a computer it was able to connect to using the DCOM RPC exploit, it sends mschost.exe to that computer and then executes it.

The worm contains the following text in the code:
Can you hear me? I LOVE YOU SAN!!
Sucky gates why do you made this windows? Stop fooling around and make good things!!!

Use antivirus (also check How To Remove section)Startup Optimizer to automatical remove this worm from system registry.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

Высококачест

wrejwtncnp

gazsuprytq

jvubmkzrpu

luyzjbexpm

wuxfzcyyee

Public pictures

My supplementary website

upuqragcny

ikuocbpoeh

Adult position

apyoewawqv

rrqzpirzpo

elorztctqp

nqxkbziddx

Установка плё

vipzxsuzzy

jylonmdyhm

aatdrakqph

lvdpjldabb

irdvxtnsuu

Experimental Protrude

wpzjlbnyvh

ydiuabaekr

kekemodjms

gnirvwinxa

jvmljmonfw

Высококачест

wshaxfpite

rjwajaxeej




SoftwareTipsandTricks, All Rights Reserved.