[Cialug] OT: New Windows worm is complex and nasty!

Barry Von Ahsen barry at vonahsen.com
Wed Dec 31 14:28:05 CST 2008


Dave Weis wrote:
> 
> Looks like it's easy to remove:
>> It then copies itself as the following files:
>>
>>     * %ProgramFiles%\Internet Explorer\[RANDOM FILE NAME].dll
>>     * %ProgramFiles%\Movie Maker\[RANDOM FILE NAME].dll
>>     * %System%\[RANDOM FILE NAME].dll
>>     * %Temp%\[RANDOM FILE NAME].dll
>>     * C:\Documents and Settings\All Users\Application Data \[RANDOM 
>> FILE NAME].dll
> 
> Just go to those directories and
> del *.dll
> 
> Problem solved!

I want to know how they got my password list

-barry


More information about the Cialug mailing list