Proland Software Download Anti virus software now!

Home
Anti virus products
Download Anti virus Software
Order On-line
Support
Email
Protector Plus Anti virus Software for
Anti virus Software for Windows XP and 2000
Antivirus Software for Windows Vista
Antivirus Software for Windows Me and 98
Anti virus Software for Exchange
Anti virus Software for NetWare
Protector Plus Console
Buy Anti virus software now!


SpamChoke Antispam
Software

Subscribe to Virus Alert
Mailing List

Enter your Email
 (Ex : john@company.com)






Download Anti virus software

W32/Surubat.A Worm

Blueball Information about the W32/Surubat.A Worm:

W32/Surubat.A is a mass mailing worm. The worm will infect Windows systems and spreads through email.

The 'From' address of the infected mail will be;

Administrator

The 'Subject' address of the infected mail will be;

System Administrator, This is out report of naked isue

The 'Body' address of the infected mail will be;

Please read attachment bellow, and please reply to me..!!!
hope we dont have miss understanding
thanks...!!!

The name of the infected attachment will be;

Peta_Instalasi_Nuklir_Israel.zip

Upon execution, the worm creates the following files:

MSOHEV.EXE in the ProgramFiles\MICROSOFT OFFICE\OFFICE folder,
PETA_INSTALASI_NUKLIR_ISRAEL.EXE in the %SystemDrive%,
DATABASE.TXT, documents.exe, safemode.exe, taskmanager.exe in the Windows folder,
scvhost.exe, systems.exe, winamps.exe, winzip.exe in the Windows\Restore folder,
systema.exe in the Windows\mmsgs folder.

The worm also copies itself to the following network shares:

$ADMIN, $printer and $IPC

It modifies the registry at the following locations:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Identities\[UNIQUE CURRENT USER SUBKEY]\Software\Microsoft\Outlook Express\5.0\Mail
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice

The worm gathers target email recipients from the following registry subkeys:

HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts

It then uses the Messaging Application Programming Interface (MAPI) to send copies of itself to the harvested email addresses.

The worm also attempts to join the following channel using TCP port 6667:
irc.librenet.net

The worm uses the above channel as a back door, which allows a remote attacker to perform the following commands:

Download a file
Upload a file
Execute a file
Use Command Prompt

This worm first appeared on February 07, 2007.

Blueball Other names of W32/Surubat.A Worm:

This Worm is also known as W32.Surubat.A@mm.

Download Now

Download the FREE Evaluation copy of Protector Plus antivirus software


Blueball About Protector Plus Antivirus Software Packages:

Proland Software is the developer of Protector Plus range of antivirus software packages. Protector Plus 2007 is available for Windows Vista, Windows 95/98/Me, Windows XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS and NetWare servers.

Anti virus for Windows Download Now! Special Offer Order Protector Plus Antivirus software Now and get SpamChoke Antispam Software worth $29.95 FREE!

Protector Plus range of antivirus products offer on-line virus detection and removal. All the packages have the ability to detect and isolate all types of viruses, trojans, worms and other types of malware.

These products are updated on a continuous basis and the latest upgrades for all the platforms are made available for downloading from this site.

Click here to order
Protector Plus anti virus software 

 Buy Anti virus software now!


You can download the 30 day evaluation copy of the
antivirus software free of cost for these platforms:
Anti virus Software for Windows XP and 2000 Anti virus Software for Windows Me and 98 Anti virus Software for Exchange Anti virus Software for NetWare


HomeAnti virus productsDownload Anti virus SoftwareOrder On-lineEmail

Copyright © 2007 Proland Software. All rights reserved.


Download Anti virus software