|W32.Dinfor.Worm is a worm that spreads across network shares.
It exploits weak passwords and uses the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-039) to create user accounts on remote computers.
Joins an IRC channel and waits for commands from a remote attacker.
The attacker can:
Retrieve information about the infected host, such as the operating system version and the computer's hardware
Upload and download files
Use the computer to perform Denial of Service (DoS) attacks on other computers
Copies itself as the following files:
Attempts to delete the following files:
X:\Program Files\Norton AntiVirus\navapsvc.exe
Use antivirus (also check How To Remove section)Startup Optimizer to remove this worm.
And manually changes some values in the system registry:
set the DWORD value:
"restrictanonymous" = "0"
Set the value:
"EnableDCOM" = "Y"
Still have a problem? Ask for help at our discussion forum.