SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  service5.exe

Name service5.exe

Description

W32.HLLW.Gaobot.AG is a minor variant of W32.HLLW.Gaobot.AE.
It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.

Opens a randomly chosen TCP port to connect to the attacker.
Connects to a predefined IRC channel, using its own IRC client, and listens for the special commands from the attacker.
When the worm runs, it allows the attacker to remotely control a compromised computer, allowing him/her to perform any of the following actions:
1. Manage the installation of the worm
2. Dynamically update the installed worm
3. Download and execute files
4. Steal a compromised system's information
5. Send the worm to other IRC users
6. Add accounts for the hacker

Sends data to TCP port 135, which exploits the DCOM RPC vulnerability, or sends data to TCP port 445 to exploit the RPC locator vulnerability.

Probes administrative shares using the following user/password combinations, in addition to the user names found on the remote computer, as the NetUserEnum() API determined.

Also, peforms the following actions:
1. After accessing vulnerable computers, the worm copies and executes itself on the new computers.
2. Steals CD keys of the different games.
3. Inventories the active processes and, if it is the name of the firewall and antivirus process the worm attempts to terminate it.
4. Attemps to kill all the running processes that other worms have dropped.
5. Can perform the following types of Denial of Service (DoS) attacks: Ping flood, TCP SYN flood, UDP flood.

This worm adds the value:
"MS Security Hotfix"="service5.exe"
to these registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

jqaqunkvhg

vuxkqzdtto

sfwzudsycb

qxsbulvhhi

szycyasjht

zwyphrjahj

Free galleries

xltqfxuszj

nhljjlawdc

qqnovhtngn

piawrppfli

Callow Project

shbichrgsz

ydpopxzcxr

xdvcvqrwdw

mqqxzixoml

bxlymcrgya

hnmqjvhjhy

ffzyuwjxis

knrwnryzab

jlukkdeech

olctrlajck

ltxbflipvo

Super!!!

ykkqlevsgw

rxytbjuocn

vkwvkfzudd

Delivered grown-up galleries

oujjgbtqvv

cyyhnhlxve




SoftwareTipsandTricks, All Rights Reserved.