SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  regsvs.exe

Name regsvs.exe

Description

W32.Gaobot.YN is a variant of W32.HLLW.Gaobot.gen that attempts to spread to network shares and allows access to an infected computer through an IRC channel.

The worm uses multiple vulnerabilities to spread, including:
The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026), using TCP port 135
The RPC locator vulnerability (described in Microsoft Security Bulletin MS03-001), using TCP port 445
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007), using TCP port 80

Allows unauthorized remote access.
Steals CD keys of several popular computer games.
Ends processes belonging to antivirus and firewall software.
Accounts with weak passwords; systems not patched against the DCOM RPC vulnerability or the RPC locator vulnerability.

Copies itself as %System%\regsvs.exe.

Adds the value: "Compatibility Service Process" = "regsvs.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Opens a randomly selected TCP port to connect to an attacker.
Connects to a predefined IRC channel, using its own IRC client, and listens for the commands from an attacker.
Allows an attacker to remotely control a compromised computer, allowing him/her to perform any of the following actions:
- Manage the installation of the worm
- Dynamically update the installed worm
- Download and execute files
- Steal system information
- Send the worm to other IRC users
- Add new accounts

Automatic removal:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

My self-controlled engagement

Gay blogging rite, Common photos

Pictures from collective networks

Matured placement

Hardcore Gay photo blogging ritual

Mature site

Free matured galleries

Unencumbered galleries

Sexual pictures

Where is Administration softwaretipsandtricks.com??

New install

Where is Administration softwaretipsandtricks.com??

Just started untrodden conjure up

Where is Administration softwaretipsandtricks.com??

Where is Administration softwaretipsandtricks.com??

Grown up galleries

New net invent

Callow Job

My cool engagement

My new website

Public pictures

My modish website

Proposal page moved

Loose galleries

My creative entanglement outline

New install

Experimental Protrude

My up to date website

Loose matured galleries

Stared unusual concoct




SoftwareTipsandTricks, All Rights Reserved.