The worm copies itself to the following network resources as Winzip_TMP.exe: When sending infected messages, the worm attempts to establish a direct connection to the recipient's SMTP server. It also scans files if the names contain the following strings: The worm harvests addresses from files with the following extensions: The worm also modifies the following registry keys: The worm then registers itself in the system registry, ensuring it will be launched each time Windows is rebooted on the victim machine: %User Profile%\Start Menu\Programs\Startup\WinZip Quick Pick.exe When installing, the worm copies itself to the Windows root, system and start up directories under the following names: The ZIP archive has the name as the original executable file, e.g. Once launched, masking its main functionality, the worm creates and opens a ZIP archive in the Windows system directory. The packed file is approximately 95KB in size, and the unpacked file is approximately 176KB in size. The worm itself is a PE EXE file written in Visual Basic, packed using UPX. It sends itself to email addresses harvested from the victim computer. I hope this helps, and if there is anything else we might assist you with please let us know.This worm spreads via the Internet as an attachment to infected messages and via open network resources. If you require assistance with checking your system for threats then please follow the instructions in this topic and then create a new topic on the malware removal area by clicking here and one of our malware removal specialists will assist you with checking and clearing your system of any remaining threats. If you wish to see if ADWCleaner detects anything you can find it here. It is usually the case that Malwarebytes and ADWCleaner detect different things from one another, though there is occasionally overlap (they use different detection techniques and separate Research teams to create their detection signatures/definitions and use somewhat different criteria for determining what they will and will not detect). If you perform a scan with ADWCleaner I bet it would likely detect it. This thread is about ADWCleaner, not Malwarebytes, detecting Winzip Smart Monitor, so that would likely explain why up until recently Malwarebytes showed no detections on your system.
0 kommentar(er)
