|W32.HLLW.Donk is a worm that spreads through network shares, opening numerous TCP ports in the process.
Also has backdoor capabilities that give a hacker access to infected computer.
Also Known as Backdoor.SdBot.gen
Copies itself as %System%\Scchost.exe.
Adds the registry value: "Services Host"="Scchost.exe"
to the registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
If the filename of the worm is not scchost.exe, the program will kill itself and start scchost.exe as a service.
Attempts to spread using the following file shares:
If a connection is made, the worm copies itself to the following folders:
Winnt\Profiles\All Users\Start Menu\Programs\Startup
Documents and Settings\All Users\Start Menu\Programs\Startup
Connects to a specific IRC server and joins a specific channel to accept instructions from the hacker:
Flooding a specified host
Downloading a file from the hacker
Executing a file
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.
Still have a problem? Ask for help at our discussion forum.