AW: Worm/Buchon.E.2 - Worm
Technical DetailsIf the virus Worm/Buchon.E is executed, it adds the following entry in the Windows Registry:
HKEY_CURRENT_USER\Software\Microsoft\W indows\CurrentVersion\Run "Windowsupdate Service"="\%Path%\%Dateiname%.exe" <<<< diesen Eintrag in der registry löschen!!! dann müsste er eigentlich weg sein.
This entry causes that the worm be executed automatically whenever Windows starts.
The worm creates a Mutex object named "AAAA_BBBBCCCCDDDDEEEE_FFFF".
The worm sends a HTTP requests to random IP addresses on TCP ports which varies between the range 25000 - 25500.
The worm tries to establish a connection with the following SMTP servers:
mx02.peoplepc.com
mx4.earthlink.net
mailhost.hetnet.nl
mailprove.netvigator.com
sbcmail2.prodigy.net
mx8.earthlink.net
pbimail2.prodigy.net
mx2.optonline.net
mx02.mindspring.com
mx-ha01.web.de
mx5.prodigy.net
mx7.earthlink.net
Ansonsten hol dir Spyware Search&Destroy und lass das Ding entfernen!!
Gruß
Noppe