SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  Spoolserv.exe

Name Spoolserv.exe

Description

W32.Dinfor.Worm is a worm that spreads across network shares.
It exploits weak passwords and uses the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-039) to create user accounts on remote computers.
Joins an IRC channel and waits for commands from a remote attacker.
The attacker can:
Retrieve information about the infected host, such as the operating system version and the computer's hardware
Upload and download files
Execute files
Use the computer to perform Denial of Service (DoS) attacks on other computers

Copies itself as the following files:
%System%\Spoolserv.exe
%System%\Cmst32.exe
%System%\Smshost.exe
%System%\Svhost32.exe.

Attempts to delete the following files:
X:\Program Files\Norton AntiVirus\navapsvc.exe
X:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

Use antivirus (also check How To Remove section)Startup Optimizer to remove this worm.
And manually changes some values in the system registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
set the DWORD value:
"restrictanonymous" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Set the value:
"EnableDCOM" = "Y"


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :


Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0