AntiAV.P is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. AntiAV.P is compressed using the UPX executable packer and its file size is 25,600 bytes. AntiAV.P drops the following files on the hard drive: - C:\WINDOWS\system32\wscsvc.dll (43520 bytes)
- C:\WINDOWS\TEMP\Loopt.bat (172 bytes)
It also changes Windows registry: - Sets value "I"="" in key "HKLM\System\CurrentControlSet\Services\wscsvc".
- Sets value "DisplayName"="wscsvc" in key "HKLM\System\CurrentControlSet\Services\wscsvc".
AntiAV.P configures following services on NT based machines: - Creates service "wscsvc (wscsvc)" as "%SystemRoot%\System32\svchost.exe -k netsvcs".
|
