Name: W32/Sircam-A
Alias: W32.Sircam.Worm@mm, W32/SirCam@MM, Backdoor.SirCam
Category: Win32 worm
COOLINGER Translation

Description:

W32/Sircam-A is a network virus that spreads through e-mail and open network shares. It sends an e-mail with a randomly chosen name and an attachment of the same name. Note that the file name of the attachment carries an unusual double extension, for example .doc.com or .mpg.pif.

If the attachment is opened, the worm copies itself to the Windows system directory as SCam32.exe, and also copies itself to the Recycled (recycle bin) directory as SirC32.exe. Both files have the hidden attribute set, so you must change their attributes to see them.

The worm changes the registry value

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Driver32 = "\scam32"

so that Windows starts the worm at boot, and also changes

HKEY_CLASSES_ROOT\exefile\shell\open\command = ""C:\recycled\sirc32.exe" "%1" %*"

so that the virus runs whenever the user runs any .exe program. The worm uses HKLM\Software\SirCam to store some of its core data.

If the worm finds shares on the network, it tries to copy itself to the remote share under the name rundll32.exe; the original rundll32.exe is renamed run32.exe. If this succeeds, it changes autoexec.bat to run the copy of the worm that was placed in the Recycled directory.

The worm has its own SMTP routine and sends itself to the addresses in the Windows address book and to every e-mail address it can find in the Internet cache. The same e-mail address may be sent several infected attachments.

The message text differs with the language of the operating system. On an English system the first line is usually:

"Hi! How are you?"
Next, it picks one of the following lines as the second line of the message:

"I send you this file in order to have your advice"
"I hope you like the file that I sendo you"
"I hope you can help me with this file"
"This is the file with the information you ask for"

The third line is usually:

"See you later. Thanks"

If the system language is Spanish, the first line is usually:

"Hola como estas ?"

The second line is one of the following:

"Te mando este archivo para que me des tu punto de vista"
"Espero te guste este archivo que te mando"
"Espero me puedas ayudar con el archivo que te mando"
"Este es el archivo con la informacion que me pediste"

The last line is usually:

"Nos vemos pronto, gracias."

On October 16th the virus tries to delete all files on your hard disk.

Because the virus uses the .exe, .com, .lnk, .pif and .bat extensions to carry its body, and typical anti-virus software does not check .lnk and .bat files, you need to add those extensions to the list of files the scanner checks.
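The two mail-side traits described above (a double extension ending in one of the five executable suffixes, and a body that opens and closes with the fixed lines) can be checked at a mail filter. The following is an added example, not part of the original description; the function names and the sample message are constructed for illustration.

```python
import re

# Final extensions the description says the worm uses to carry its body.
EXECUTABLE_EXTS = {"exe", "com", "lnk", "pif", "bat"}

# Fixed opening/closing body lines quoted in the description (English, Spanish).
FIXED_LINES = {
    "hi! how are you?", "see you later. thanks",
    "hola como estas?", "nos vemos pronto, gracias.",
}

def double_extension(filename):
    """Return (decoy_ext, real_ext) when a name ends in two extensions and the
    last one is executable, e.g. 'budget.doc.com' -> ('doc', 'com'); else None.
    Heuristic: a dotted base name such as 'my.file.exe' also matches."""
    parts = filename.strip().lower().rsplit(".", 2)
    if len(parts) == 3 and parts[0] and parts[2] in EXECUTABLE_EXTS:
        # Decoy must look like an extension: a letter, then 1-3 alphanumerics.
        if re.fullmatch(r"[a-z][a-z0-9]{1,3}", parts[1]):
            return parts[1], parts[2]
    return None

def normalise(line):
    """Collapse whitespace, drop spaces before punctuation, lower-case."""
    line = re.sub(r"\s+", " ", line)
    return re.sub(r"\s+([?!.,])", r"\1", line).strip().lower()

def assess(body, attachments):
    """Return the list of reasons a message matches the description."""
    reasons = []
    for name in attachments:
        hit = double_extension(name)
        if hit:
            reasons.append(f"double extension .{hit[0]}.{hit[1]}: {name}")
    lines = [normalise(l) for l in body.splitlines() if l.strip()]
    if len(lines) >= 2 and lines[0] in FIXED_LINES and lines[-1] in FIXED_LINES:
        reasons.append("body opens and closes with the worm's fixed lines")
    return reasons

# Constructed sample message, not captured traffic.
SAMPLE_BODY = ("Hi! How are you?\n\n"
               "I send you this file in order to have your advice\n\n"
               "See you later. Thanks\n")

if __name__ == "__main__":
    for reason in assess(SAMPLE_BODY, ["budget.doc.com"]):
        print(reason)
```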