Selected viruses, spyware, and other threats: sorted alphabetically
Win32/VB.NUU
|
Short description
Win32/VB.NUU is a worm that spreads via shared folders and on removable media.Installation
When executed the worm copies itself in the following locations:- %windir%winste.exe
- %allusersprofile%winste.exe
- [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion
Run]
"Winlogon" = "%windir%winste.exe" - [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion
Run]
"Winlogon" = "%allusersprofile%winste.exe"
Spreading via P2P networks
Win32/VB.NUU is a worm that spreads via P2P networks.The worm searches for shared folders of the following programs:
- Ares
- Kazaa
- LimeWire
- WinMX
- Morpheus
- BearShare
- Ares
- Kazaa
- LimeWire
- WinMX
- Morpheus
- BearShare
- Grokster
The following filename is used:
- %variable%
Spreading on removable media
Win32/VB.NUU is a worm that spreads via removable media.The worm copies itself into the root folders of removable drives using the following filename:
- Setup.exe
- autorun.inf
Other information
The worm is sent data and commands from a remote computer or the Internet.The worm connects to the following addresses:
- pajero2010exe.no-ip.biz
- download files from a remote computer and/or Internet
- run executable files
- perform DoS/DDoS attacks
- update itself to a newer version
- remove itself from the infected computer
- send files to a remote computer
- download files from a remote computer and/or Internet
- run executable files
- perform DoS/DDoS attacks
- update itself to a newer version
- remove itself from the infected computer
- send files to a remote computer
- delete files
- move files
- capture screenshots
