SoftwareTipsandTricks.com
  WinSys32dll.vbs

Name WinSys32dll.vbs

Description

I-Worm.Horillka
This malicious worm spreads via the Internet in the form of a file attached to infected messages.

It copies itself to the Windows system directory under the name WinSys32dll.vbs, and registers this file in the system registry autorun key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinSys32dll.
The virus mass mails all addresses found in the Microsoft Outlook address book.

Characteristics of infected messages:
Message header: [text lost in character encoding]
Message body: [text lost in character encoding]
Attachment: WinSys32.dll.vbs

Once messages have been sent, the virus sends its author a message which includes all .pwl (password) files found in the Windows directory.
The virus copies itself to all disks and all directories under the name of Folderdll.vbs and marks these files as hidden.
It searches the Windows folder for files with the following extensions: .vbs; .jpg; .jpeg; .gif; .bmp; .htm; .html; .avc; .txt; .doc; .mp3; .wav; .dbf

- Horillka overwrites .vbs files with its own code.
- It replaces .jpg, .jpeg, .gif and .bmp files with a GIF format graphic contained in the body of the virus.
- It adds the following code to .htm and .html files:
object id='test' data='#' width='100%' height='100%' type='text/x-scriptlet' VIEWASTEXT
- .avc files are overwritten with the phrase:
Vyatka was here
- .txt and .doc files are overwritten with the following text:
[line of text lost in character encoding]
Dear friends! You was hacked by virus from Vyatka (situated in deep ass of Russia)
..:: Xpi1oT ::..
- .mp3 and .wav files are replaced by sound files contained in the body of the worm.
- If the worm finds any files with a .dbf extension, it deletes them.

The virus displays the announcement "COOOOOOOOL" on 11th December every year, and overwrites the autoexec.bat file with the commands to format your hard disks.

Use antivirus (also check How To Remove section) or Startup Optimizer to automatically remove this registry item.
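A scanner for the file-system traces listed in the description above, as an added example that is not part of the original page. The function names and finding labels are assumptions, and it checks only the indicators the description states; a match is a lead for review, not proof of infection.

```python
import os
import sys

# Indicators taken from the description above.
WORM_NAMES = {"winsys32dll.vbs", "winsys32.dll.vbs", "folderdll.vbs"}
SCRIPTLET_MARK = b"type='text/x-scriptlet'"  # attribute added to .htm/.html files
AVC_MARK = b"Vyatka was here"                # phrase written over .avc files


def classify(path):
    """Return a finding label for one file, or None if no indicator matches."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name in WORM_NAMES:
        return "worm-copy"
    if ext not in (".htm", ".html", ".avc"):
        return None
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return "unreadable"  # report it so the file can be checked by hand
    if ext == ".avc":
        return "overwritten-avc" if AVC_MARK in data else None
    return "injected-html" if SCRIPTLET_MARK in data.lower() else None


def scan(root):
    """Walk root and return a sorted list of (relative_path, label) findings.

    os.walk also returns files carrying the hidden attribute, which matters
    here because the Folderdll.vbs copies are marked hidden.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            label = classify(full)
            if label:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, label))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan.py <folder or mounted disk image>
    for rel, label in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{label:16} {rel}")
```

Run it against a mounted copy of the disk where possible, so the scan does not depend on the state of the affected system.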

