SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  regsvs.exe

Name regsvs.exe

Description

W32.Gaobot.YN is a variant of W32.HLLW.Gaobot.gen that attempts to spread to network shares and allows access to an infected computer through an IRC channel.

The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP port 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001), using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80

Allows unauthorized remote access.
Steals CD keys of several popular computer games.
Ends processes belonging to antivirus and firewall software.
Accounts with weak passwords; systems not patched against the DCOM RPC vulnerability or the RPC locator vulnerability.

Copies itself as %System%\regsvs.exe.

Adds the value: "Compatibility Service Process" = "regsvs.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Opens a randomly selected TCP port to connect to an attacker.
Connects to a predefined IRC channel, using its own IRC client, and listens for the commands from an attacker.
Allows an attacker to remotely control a compromised computer, allowing him/her to perform any of the following actions:
- Manage the installation of the worm
- Dynamically update the installed worm
- Download and execute files
- Steal system information
- Send the worm to other IRC users
- Add new accounts

Automatic removal:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

duycmuipja

fpjypvueau

rtstflbicu

lmxfxnljvu

xqjtysdayi

lysijnzwya

ilqwmhrcsp

Интересные но

Порно фото галереи, более 500 тысяч фотограф&#

liautoymde

guhbbkvwpr

cndknwizdh

Experimental Job

huujarfwtg

wirjgyvhdo

wmmdercpug

cfxuprkoxm

Downscale GoPro Hero 4K Video to 1080p

New Poke out

nsxgajvhbf

uylfdgcqwk

lyzihbvwvv

Social pictures

zplummjylt

ugcxqnfgdo

dmgtpuoexd

дом и семья

irzvqhtstz

fbsgtsjqin

lwfuhhdwie




SoftwareTipsandTricks, All Rights Reserved.