The actual location of the files on the Web are currently shut down. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32DLL=C:\WINDOWS\Win32DLL.vbsĪlso, it sets the default page of Internet Explorer to download a copy of WIN_BUGFIX.exe, which appears to be a backdoor server. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSKernel32=C:\WINDOWS\SYSTEM\MSKernel32.vbs The worm modifies the registry information to make itself run during next boot-up: In the Windows directory the name is Win32DLL.vbs, in the Windows system directory the names are MSKernel32.vbs and. The worm will copy itself to multiple subdirectories using different names. The worm will spread targeting Windows 98, Windows 2000 by default and Windows NT 4.0 and Windows 95 if the Windows Scripting Host (WSH) engine is installed. In big organizations the volume of e-mail generated has the potential to overload e-mail servers. The worm spreads itself by generating an e-mail like described above, attaching itself and send that e-mail to all recipients in all Outlook address books. If you receive an e-mail that fits the above description do not open the attachment. Kindly check the attached LOVELETTER coming from me.ĭepending on the system configuration the extension. It arrives as an attachment of an e-mail with the subject line Letter is a Visual Basic Script (VBS) VBS based e-mail worm.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |