Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us


Name sysmon.exe


This worm uses the Internet instant messaging system ICQ to spread via the Internet.
The worm sends ICQ users a message with a URL, which is linked to a file which contains procedures to automatically download
and execute the malicious component of the worm on the victim computer.

On connecting to the site (x here is used to replace certain characters) the CHM-exploit-a is used.
The result of this is that a specially constructed CHM file is automatically executed on the victim computer.
This file contains another file contains TrojanDropper, a type of Trojan written in script language.
This Trojan extracts a file named WinUpdate.exe from itself to a range of system directories.
WinUpdate.exe is a Trojan program of the TrojanDownloader group, which downloads the main component of the worm from a remote site,
and writes it to the temporary directory under the name aptgetupd.exe.

Adds the value: "sysmon" = %system%\sysmon\sysmon.exe
to registry key: [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

Steals information relating to a range of financial services, such as Acceso a Banca por Internet, Accueil > Espace, American Express UK - Personal, etc.
It also steals data transmitted by HTTPS, relating to accounts of a variety of mail services such as Yahoo, etc.
All stolen information is sent by FTP to a remote server:
The worm extracts a number of .dll files from itself and installs them in the Windows system directory: java32.dll, javaext.dll, icq_socket.dll, ICQ2003Decrypt.dll

Remove it from startup with antivirus (also check How To Remove section)Startup Optimizer.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0