SoftwareTipsandTricks.com
sysmon.exe

Name sysmon.exe

Description

Worm.Win32.Bizex
This worm uses the ICQ instant messaging system to spread via the Internet.
The worm sends ICQ users a message containing a URL. The URL points to a file which contains procedures that automatically download
and execute the malicious component of the worm on the victim computer.

On connecting to the site http://www.jokeworld.xxx/xxx.html (x here is used to replace certain characters), an exploit known as CHM-exploit-a is triggered.
As a result, a specially constructed CHM file is automatically executed on the victim computer.
This CHM file contains a further file, a TrojanDropper, which is a type of Trojan written in a script language.
This Trojan extracts a file named WinUpdate.exe from itself into a range of system directories.
WinUpdate.exe is a Trojan program of the TrojanDownloader group: it downloads the main component of the worm from a remote site
and writes it to the temporary directory under the name aptgetupd.exe.

The worm adds the value: "sysmon" = %system%\sysmon\sysmon.exe
to the registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

It steals information relating to a range of financial services, such as Acceso a Banca por Internet, Accueil Bred.fr > Espace Bred.fr, American Express UK - Personal, etc.
It also steals data transmitted over HTTPS relating to accounts at a variety of mail services, such as Yahoo.
All stolen information is sent by FTP to a remote server: www.ustrading.info
The worm extracts a number of .dll files from itself and installs them in the Windows system directory: java32.dll, javaext.dll, icq_socket.dll, ICQ2003Decrypt.dll

Remove it from startup with an antivirus program (also check the How To Remove section).
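Before removing anything, a read-only sweep for the persistence entry and dropped files named in the description above can confirm whether this worm is present. This is an added example, not code from the original page; it assumes the paths exactly as listed (the Run value "sysmon", the %system%\sysmon\sysmon.exe path, the four DLLs in the system directory and aptgetupd.exe in the temp directory) and modifies nothing.

```powershell
# Added example (not from the original page): read-only check for the
# Worm.Win32.Bizex indicators listed in the description. Nothing is deleted.
$findings = @()

# 1. Persistence: the "sysmon" value under the HKLM Run key
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = Get-ItemProperty -Path $runKey -Name 'sysmon' -ErrorAction SilentlyContinue
if ($runValue) {
    $findings += "Run value 'sysmon' present: $($runValue.sysmon)"
}

# 2. The worm body at %system%\sysmon\sysmon.exe
$system   = [Environment]::GetFolderPath('System')   # resolves %system%
$wormPath = Join-Path $system 'sysmon\sysmon.exe'
if (Test-Path $wormPath) { $findings += "File present: $wormPath" }

# 3. DLLs the worm drops into the Windows system directory
foreach ($dll in 'java32.dll', 'javaext.dll', 'icq_socket.dll', 'ICQ2003Decrypt.dll') {
    $dllPath = Join-Path $system $dll
    if (Test-Path $dllPath) { $findings += "Dropped DLL present: $dllPath" }
}

# 4. The downloaded main component in the temporary directory
$tmpPath = Join-Path $env:TEMP 'aptgetupd.exe'
if (Test-Path $tmpPath) { $findings += "Downloader payload present: $tmpPath" }

if ($findings.Count -eq 0) {
    'No Worm.Win32.Bizex indicators from the description were found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
    'Review the items above with an up-to-date antivirus before removing anything.'
}
```

A file called sysmon.exe is not an indicator on its own: the legitimate Sysinternals Sysmon tool uses the same name but is installed as a service, not as a Run-key entry under %system%\sysmon.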


Still have a problem? Ask for help at our discussion forum.







SoftwareTipsandTricks, All Rights Reserved.