SysChat


DanielGray 06-11-2009 09:27 PM

Windows XP and Vista Threat: WORM_RBOT.AVL - Effects and Removal
 
WORM_RBOT.AVL spreads through network shares. This category of worm gathers lists of passwords and user names from the infected system. This type of threat includes a backdoor utility. It affects Windows XP and Vista. It is also known as W32.Spybot.Worm and New_Malware.b.

WORM_RBOT.AVL Penetrating Methods

This worm copies its files onto the hard drive using the file name WORM_RBOT.AVL. It then creates a startup key with the value mspn32.exe. When executed, it copies its files to the Windows System directory and creates the following registry entries so that it runs at every startup:
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Process Manager - mspn32.exe
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
Process Manager - mspn32.exe

How to Avoid WORM_RBOT.AVL Infection

To avoid this type of threat, the user is advised to download security software and always keep the antivirus application updated. Keep the system firewall turned on at all times and regularly scan the system for other threats. It may be wise to use Avast! Antispyware and True Sword.

WORM_RBOT.AVL Infection Symptoms

WORM_RBOT.AVL exploits the following Windows weaknesses to spread across the network: the SQL buffer overflow, WebDAV/ITS, RPC, DCOM object model, and LSASS vulnerabilities. It may also try to connect to a specific IRC server, where it listens for information and commands from the attacker and executes those instructions on the infected system. It may also gather serial numbers, CD keys, and product IDs, and may start a network sniffer to collect passwords and other data.

WORM_RBOT.AVL Effects

It may perform basic FTP functions and basic IRC operations. WORM_RBOT.AVL also performs flood attacks such as ping flood, ICMP flood, UDP flood, TCP flood, and SYN flood. It can also download additional files, access FTP servers, start a command shell, send emails, halt legitimate services, erase the DNS cache, create bogus accounts, and execute malicious commands on the affected system.

Easy WORM_RBOT.AVL Removal

It is recommended to use True Sword and the Trend Micro Cleanup Engine anti-spyware software to fully eliminate WORM_RBOT.AVL and other malicious applications. Scan the entire system and delete all files detected by the antivirus software.

How to Remove WORM_RBOT.AVL

To remove WORM_RBOT.AVL manually, try to stop its processes using Task Manager. Identify the processes used by the worm and delete the running files identified. To use the Registry Editor, open Run from the Start button and press Enter. Delete the worm's registry entries as well as its executable:
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
• HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
• mspn32.exe
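
To check for the autorun entries listed in this write-up without browsing the Registry Editor by hand, the following added example (not part of the original post) scans saved `reg query` output for them. It assumes the output for the Run and RunServices keys was saved as text; the sample input and the function name are constructed for illustration.

```python
import re

# Indicators taken from the write-up above: both hives it names, both autorun keys.
SUBKEYS = (r"\Software\Microsoft\Windows\CurrentVersion\Run",
           r"\Software\Microsoft\Windows\CurrentVersion\RunServices")
WATCHED_KEYS = {(hive + sub).lower()
                for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
                for sub in SUBKEYS}
IOC_VALUE_NAME = "process manager"
IOC_FILE = "mspn32.exe"

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Base names of executables referenced in the value data (path and quotes ignored).
EXE_NAME = re.compile(r'[^\\/\s"]+\.exe', re.IGNORECASE)

def find_rbot_autoruns(reg_query_text):
    """Return (key, value name, data, reasons) for values matching the indicators."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key section starts here
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or key.lower() not in WATCHED_KEYS:
            continue
        name, data = m["name"].strip(), m["data"].strip()
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name")
        if any(exe.lower() == IOC_FILE for exe in EXE_NAME.findall(data)):
            reasons.append("executable")
        if reasons:
            hits.append((key, name, data, reasons))
    return hits

# Constructed sample input, not captured from a real system.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Process Manager    REG_SZ    mspn32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Updater    REG_SZ    "C:\WINDOWS\system32\MSPN32.EXE" -s

HKEY_LOCAL_MACHINE\Software\Example
    Process Manager    REG_SZ    mspn32.exe
"""

if __name__ == "__main__":
    for key, name, data, reasons in find_rbot_autoruns(SAMPLE):
        print(f"{key} :: {name} = {data} (matched on {', '.join(reasons)})")
```

A hit on the executable name alone still deserves a look, since the value name can differ from the one listed here.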

