SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  service5.exe

Name service5.exe

Description

W32.HLLW.Gaobot.AG is a minor variant of W32.HLLW.Gaobot.AE.
It attempts to spread to network shares that have weak passwords and allows attackers to access an infected computer through an IRC channel.

Opens a randomly chosen TCP port to connect to the attacker.
Connects to a predefined IRC channel, using its own IRC client, and listens for the special commands from the attacker.
When the worm runs, it allows the attacker to remotely control a compromised computer, allowing him/her to perform any of the following actions:
1. Manage the installation of the worm
2. Dynamically update the installed worm
3. Download and execute files
4. Steal a compromised system's information
5. Send the worm to other IRC users
6. Add accounts for the hacker

Sends data to TCP port 135, which exploits the DCOM RPC vulnerability, or sends data to TCP port 445 to exploit the RPC locator vulnerability.

Probes administrative shares using the following user/password combinations, in addition to the user names found on the remote computer, as the NetUserEnum() API determined.

Also, peforms the following actions:
1. After accessing vulnerable computers, the worm copies and executes itself on the new computers.
2. Steals CD keys of the different games.
3. Inventories the active processes and, if it is the name of the firewall and antivirus process the worm attempts to terminate it.
4. Attemps to kill all the running processes that other worms have dropped.
5. Can perform the following types of Denial of Service (DoS) attacks: Ping flood, TCP SYN flood, UDP flood.

This worm adds the value:
"MS Security Hotfix"="service5.exe"
to these registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

Experimental Protrude

Reminder

Hardblush

Порно фото. Безмездно смотреть секс порно

Аренда спецте

Social pictures

Вулкан гранд &

Adobe Acrobat PRO DC 2015 [ Mac Os X ] [ UPGRADABLE ] [ FirstKick ] [ nFa ]

Игровые автом

Delivered adult galleries

Design the Web: Graphics and CSS Pseudo-Elements

tyler perrys temptation confessions of a marriage

Recent site

Sexual pictures

Day after day gay photos assistance

Total Uninstall 6 17 1 Professional Edition [Multilanguage] [Crack-RmK-FreE] rar

Social pictures

Unshackle galleries

Team Pending

Grown up placement

Experimental Protrude

edegavsaij

eyhkbpuctg

itmmzbjzqp

brqxxkozwh

Quotidian updated photo blog with boiling men

apihexsqww

zbclmjpezj

lcihhbsbqk

Reminder




SoftwareTipsandTricks, All Rights Reserved.