1. /
  2. Security Response/
  3. W32.Nujama.B

W32.Nujama.B

Risk Level 2: Low

Discovered:
June 27, 2007
Updated:
June 28, 2007 8:17:07 AM
Type:
Worm
Infection Length:
42,611 bytes
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Once executed, the worm copies itself as the following files:
  • %System%\SystemMonitor.exe
  • %System%\csrsrss.exe
  • ptstnoop.exe
  • InfoVersion.exe
  • cmmput.exe
  • call of duty.exe

It also copies itself as the following file in every folder on the compromised computer:
[FOLDER NAME].exe

It then creates the following files:
  • %Windir%\Web\Folder.htt
  • %Windir%\Web\Desktop.ini
  • %Windir%\system\oeminfo.ini

Next, the worm copies itself to the root directory of every drive as the following file:
Datos de [MACHINE NAME].exe

It then modifies the following registry entries to disable the Task Manager, Registry Editor, System Restore, Windows Firewall, and any antivirus applications running on the compromised computer:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\"DisableSR" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DisableNotifications" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"EnableFirewall" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\"DoNotAllowExceptions" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"DisableNotifications" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"EnableFirewall" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"DoNotAllowExceptions" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"UpdatesDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"FirewallOverride" = 1"

It also modifies the following registry entries to disable Windows updates:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\"NoAutoUpdate" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\"AUOptions" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\"DisableWindowsUpdateAccess" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\"AUState" = "7"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\"AUOptions" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"

The worm then creates the following entries so that it runs when files with .exe, .bat, .pif, .cmd, and .scr extensions are opened:
HKEY_CLASSES_ROOT\exefile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" %*"
HKEY_CLASSES_ROOT\batfile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" %*"
HKEY_CLASSES_ROOT\comfile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" %*"
HKEY_CLASSES_ROOT\piffile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" %*"
HKEY_CLASSES_ROOT\cmdfile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" %*"
HKEY_CLASSES_ROOT\scrfile\shell\open\command\"(Default)" = "%System%\SystemMonitor.exe "%1" /S"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Sysmon" = "%System%\SystemMonitor.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Services" = "%System%\csrsrss.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"InfoVersion" = "%System%\InfoVersion.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"SysTemperatureNotRemove" = "%System%\cmmput.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"hola" = "%System%\call of duty.exe"

It also modifies the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\"Start" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PAVfnsvr\"START" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pavkre\"START" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc\"START" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProt\"START" = "4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv\"START" = "4"

It also modifies the following registry entries to change user details:
HKEY_CLASSES_ROOT\CLSID\{460E0A9C-90AA-8CC7-25A0-52A2C5B5EFF42}\"SystemName" = "Microsoft Windows"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"RegisteredOwner" = "{fEr}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"RegisteredOwner" = "{fEr}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"RegisteredOrganization" = "Esto es solo el principio..."
HKEY_CURRENT_USER\Software\Microsoft\Windows\"WindowsConfig" = "EnablePrintersOnLogin"

Next, the worm displays the following fake error message in Spanish:


TITLE:
WinZip Self-Extract error!
Ha fallado la descompresion del archivo.
Si fue descargado de internet, puede que
este danado.

It also displays the following message:


TITLE: Soy el titulo
No se me ocurre nada inteligente para poner aqui
...

It copies itself to the following folders if they are present on the compromised computer:
  • shared files
  • My Grokster
  • Shared
  • My Shared Folder
  • Share
  • Received Files
  • CD Burning

It uses the following file names when copying itself to the above folders:
  • Ana Kournikova Sex Video.exe
  • AVP Antivirus Pro Key Crack.exe
  • VirtualSex.exe
  • Britney Spears Sex Video.exe
  • Buffy Vampire Slayer Movie.exe
  • Crack Passwords Mail.exe
  • Cristina Aguilera Sex Video.exe
  • Samsung ALL models unlocker.exe
  • Game Cube Real Emulator.exe
  • Hentai Anime Girls Movie.exe
  • Jenifer Lopez Sex Video.exe
  • Matrix Movie.exe
  • El rey de los huevones full divx - comprimida.exe
  • Mcafee Antivirus Scan Crack.exe
  • subseven.exe
  • Norton Anvirus Key Crack.exe
  • Panda Antivirus Titanium Crack.exe
  • PS2 PlayStation Simulator.exe
  • Quick Time Key Crack.exe
  • Sakura Card Captor Movie.exe
  • Mision imposible 3 Game.exe
  • Sex Live Simulator.exe
  • Sex Passwords.exe
  • Spiderman Movie.exe
  • Start Wars Trilogy Movies.exe
  • Thalia Sex Video.exe
  • Winzip KeyGenerator Crack.exe
  • aol cracker.exe
  • pamela_anderson.exe
  • aol password cracker.exe
  • divx pro.exe
  • GTA 3 Crack.exe
  • GTA 3 Serial.exe
  • play station one two and three emulator.exe
  • virtua girl - adriana.exe
  • virtua girl - bailey short skirt.exe
  • Virtua Girl (Full).exe
  • warcraft 3 crack.exe
  • VB6.exe
  • warcraft 3 serials.exe
  • counter-strike.exe
  • delphi.exe
  • divx_pro.exe
  • HotGirls.exe
  • hotmail_hack.exe
  • serials2007.exe
  • ACDSee 5.5.exe
  • Age of Empires 2 crack.exe
  • Animated Screen 7.0b.exe
  • AOL Instant Messenger.exe
  • AquaNox2 Crack.exe
  • Audiograbber 2.05.exe
  • BabeFest 2007 ScreenSaver 1.5.exe
  • Babylon 3.50b reg_crack.exe
  • Battlefield1942_bloodpatch.exe
  • Battlefield1942_keygen.exe
  • Business Card Designer Plus 7.9.exe
  • Clone CD 9.0.0.3 (crack).exe
  • Clone CD 9.0.0.3.exe
  • Coffee Cup Free zip 7.0b.exe
  • Metodo crackear hotmail actualizado 30-09-2006.exe
  • Cool Edit Pro v2.55.exe
  • Nspclean.exe
  • Diablo 2 Crack.exe
  • DirectDVD 5.0.exe
  • DirectX Buster (all versions).exe
  • DirectX InfoTool.exe
  • DivX Video Bundle 6.5.exe
  • Download Accelerator Plus 6.1.exe
  • DVD Copy Plus v5.0.exe
  • DVD Region-Free 2.3.exe
  • FIFA2004 crack.exe
  • GetRight 5.0a.exe
  • Final Fantasy VII XP Patch 1.5.exe
  • Flash MX crack (trial).exe
  • FlashGet 1.5.exe
  • FreeRAM XP Pro 1.9.exe
  • Global DiVX Player 3.0.exe
  • Gothic2 licence.exe
  • Guitar Chords Library 5.5.exe
  • Hitman_2_no_cd_crack.exe
  • Hot Babes XXX Screen Saver.exe
  • ICQ Pro 2007a.exe
  • Windows Stearter Edition crack.exe
  • ICQ Pro 2007b (new beta).exe
  • iMesh 3.6.exe
  • iMesh 3.7b (beta).exe
  • IrfanView 4.5.exe
  • KaZaA Hack 2.5.0.exe
  • KaZaA Speedup 3.6.exe
  • Links 2007 Golf game (crack).exe
  • Living Waterfalls 1.3.exe
  • Mafia_crack.exe
  • NBA2007_crack.exe
  • Matrix Screensaver 1.5.exe
  • MediaPlayer Update.exe
  • mIRC 6.40.exe
  • mp3Trim PRO 2.5.exe
  • MSN Messenger 8.2.exe
  • Need 4 Speed crack.exe
  • Need 4 Speed Most Wanted Full With Crack.exe
  • Nero Burning ROM crack.exe
  • Netfast 1.8.exe
  • Network Cable e ADSL Speed 2.0.5.exe
  • NHL 2004 crack.exe
  • Nimo CodecPack (new) 8.0.exe
  • PalTalk 5.01b.exe
  • Popup Defender 6.5.exe
  • Pop-Up Stopper 3.5.exe
  • QuickTime_Pro_Crack.exe
  • Serials 2004 v.8.0 Full.exe
  • SmartFTP 2.0.0.exe
  • SmartRipper v2.7.exe
  • Space Invaders 1978.exe
  • Splinter_Cell_Crack.exe
  • Steinberg_WaveLab_5_crack.exe
  • Trillian 0.85 (free).exe
  • TweakAll 3.8.exe
  • Unreal2_bloodpatch.exe
  • Unreal2_crack.exe
  • UT2004_bloodpatch.exe
  • UT2007 full & crack.exe
  • UT2004_keygen.exe
  • UT2004_no cd (crack).exe
  • xbox360 emulator.exe
  • UT2004_patch.exe
  • WarCraft_3_crack.exe
  • Winamp 7.8.exe
  • WindowBlinds 4.0.exe
  • WinOnCD 4 PE_crack.exe
  • WinZip 9.0b.exe
  • Yahoo Messenger 6.0.exe
  • Zelda Classic 2.00.exe
  • Windows XP complete + serial.exe
  • Screen saver christina aguilera.exe
  • Screen saver christina aguilera naked.exe
  • Visual basic 6.exe
  • Starcraft serial.exe
  • Hotmail Hacker 2007-Xss Exploit.exe
  • Credit Card Numbers generator(incl Visa,MasterCard,...).exe
  • Edonkey2000-Speed me up scotty.exe
  • Security-2007-Update.exe
  • Kazaa SDK + Xbit speedUp for 2.xx.exe
  • Microsoft KeyGenerator-Allmost all microsoft stuff.exe
  • Netbios Nuker 2004.exe
  • Stripping MP3 dancer+crack.exe
  • Visual Basic 6.0 Msdn Plugin.exe
  • Windows Xp Exploit.exe
  • WinRar 3.xx Password Cracker.exe
  • WinZipped Visual C++ Tutorial.exe
  • XNuker 2004 2.93b.exe
  • cable modem ultility pack.exe
  • cracker to ALL software.exe
  • macromedia dreamweaver key generator.exe
  • Macromedia all software key generator
  • Crackeador de TODOS los programas.exe
  • winamp plugin pack.exe
  • winzip full version key generator.exe
  • PerAntivirus 8.9.exe
  • The Hacker Antivirus 5.7.exe

It executes the following command to collect the machine information and stores the result in the file %Windir%\sfoundfiles.txt:
cmd.exe /c systeminfo

Note: The collected information may be compressed as a .zip or .rar file and sent to the remote attacker.

It also deletes the following files:
  • msconfig.exe
  • drwatson.exe
  • regedit.exe
  • sysedit.exe
  • regedt32.exe
  • taskmgr.exe

It may end security-related processes that contain the following title in the window:
  • Virus
  • Avast
  • Norton
  • McAfee
  • NOD32
  • Clean
  • Remover
  • Spyware
  • Panda
  • AntiVirus
  • virus
  • avast
  • norton
  • mcafee
  • nod32
  • clean
  • remover
  • spyware
  • panda
  • antiVirus
  • VIRUS
  • AVAST
  • NORTON
  • MCAFEE
  • CLEAN
  • REMOVER
  • SPYWARE
  • PANDA
  • ANTIVIRUS
  • Kaspersky
  • kaspersky
  • KASPERSKY
  • SCAN
  • Scan
  • scan

It may end processes if the process name contains one of the following strings:
  • avp32.exe
  • avpmon.exe
  • zonealarm.exe
  • vshwin32.exe
  • navnt.exe
  • mpftray.exe
  • lockdown2000.exe
  • icssuppnt.exe
  • icload95.exe
  • iamapp.exe
  • findviru.exe
  • f-agnt95.exe
  • fih32
  • dv95_o.exe
  • claw95ct.exe
  • cfiaudit.exe
  • avwupd32.exe
  • avptc32.exe
  • _avp32.exe
  • avgctrl.exe
  • apvxdwin.exe
  • _avpcc.exe
  • avpcc.exe
  • wfindv32.exe
  • vsecomr.exe
  • tds2-nt.exe
  • sweep95.exe
  • EFINET32.EXE
  • scrscan.exe
  • safeweb.exe
  • persfw.exe
  • navsched.exe
  • nvc95.exe
  • nisum.exe
  • navlu32.exe
  • ALOGSERV
  • AMON9X
  • AVGSERV9
  • AVGW
  • avkpop
  • avkservice
  • AvkServ
  • AVXMONITOR9X
  • AVXMONITORNT
  • AVXQUAR
  • moolive.exe
  • jed.exe
  • icsupp95.exe
  • ibmavsp.exe
  • frw.exe
  • f-stopw.exe
  • TFAK
  • espwatch.exe
  • procexp
  • filemon.exe
  • regmon.exe
  • dvp95.exe
  • cfiadmin.exe
  • avwin95.exe
  • avpm.exe
  • avp.exe
  • ave32.exe
  • anti-trojan.exe
  • webscan.exe
  • webscanx.exe
  • vsscan40.exe
  • tds2-98.exe
  • SymProxySvc
  • SYMTRAY
  • TAUMON
  • TCM
  • TDS-3
  • vbcmserv
  • VbCons
  • VIR-HELP
  • VPC32
  • VPTRAY
  • VSMAIN
  • vsmon
  • WIMMUN32
  • WGFE95
  • WEBTRAP
  • WATCHDOG
  • WrAdmin
  • fameh32
  • sphinx.exe
  • scanpm.exe
  • rescue.exe
  • pcfwallicon.exe
  • pavcl.exe
  • nupgrade.exe
  • navwnt.exe
  • navapw32.exe
  • luall.exe
  • iomon98.exe
  • icmoon.exe
  • fprot.exe
  • f-prot95.exe
  • esafe.exe
  • cleaner3.exe
  • IBMASN.EXE
  • AVXW
  • cfgWiz
  • CMGRDIAN
  • CONNECTIONMONITOR
  • CPDClnt
  • DEFWATCH
  • CTRL
  • defalert
  • defscangui
  • DOORS
  • EFPEADM
  • ETRUSTCIPE
  • EVPN
  • EXPERT
  • fch32
  • blackice.exe
  • avsched32.exe
  • avpdos32.exe
  • avpnt.exe
  • avconsol.exe
  • ackwin32.exe
  • NWTOOL16
  • pccwin97
  • PROGRAMAUDITOR
  • POP3TRAP
  • PROCESSMONITOR
  • PORTMONITOR
  • POPROXY
  • pcscan
  • pcntmon
  • pavproxy
  • PADMIN
  • pview95
  • rapapp.exe
  • REALMON
  • RTVSCN95
  • vsstat.exe
  • vettray.exe
  • tca.exe
  • smc.exe
  • scan95.exe
  • rav7win.exe
  • pccwin98.exe
  • KPFW32.EXE
  • ADVXDWIN
  • padmin.exe
  • normist.exe
  • navw32.exe
  • n32scan.exe
  • lookout.exe
  • iface.exe
  • icloadnt.exe
  • SPYXX
  • SS3EDIT
  • SweepNet
  • iamserv.exe
  • fp-win.exe
  • f-prot.exe
  • ecengine.exe
  • cleaner.exe
  • cfind.exe
  • blackd.exe
  • RULAUNCH
  • sbserv
  • SWNETSUP
  • avpupd.exe
  • avkserv.exe
  • autodown.exe
  • _avpm.exe
  • FPROT95.EXE
  • offguard.exe
  • pav.exe
  • pavmail.exe
  • per.exe
  • perd.exe
  • pertsk.exe
  • perupd.exe
  • pervac.exe
  • pervacd.exe
  • th.exe
  • th32.exe
  • th32upd.exe
  • thav.exe
  • thd.exe
  • thd32.exe
  • thmail.exe
  • alertsvc.exe
  • amon.exe
  • kpf.exe
  • antivir
  • avsynmgr.exe
  • cfinet.exe
  • cfinet32.exe
  • icmon.exe
  • pview95.exe
  • lockdownadvanced.exe
  • lucomserver.exe
  • navapsvc.exe
  • navrunr.exe
  • nisserv.exe
  • nsched32.exe
  • pcciomon.exe
  • pccmain.exe
  • Avnt.exe
  • Claw95cf.exe
  • Dvp95_0.exe
  • Vscan40.exe
  • Icsuppnt.exe
  • Jedi.exe
  • N32scanw.exe
  • Pavsched.exe
  • Pavw.exe
  • Avrep32.exe
  • Monitor.exe
  • fsgk32
  • fsm32
  • fsma32
  • fsmb32
  • gbmenu
  • GBPOLL
  • GENERICS
  • GUARD
  • IAMSTATS
  • ISRV95
  • ATCON
  • LDPROMENU
  • LDSCAN
  • LUSPT
  • MCMNHDLR
  • MCTOOL
  • MCUPDATE
  • MCVSRTE
  • MGHTML
  • MINILOG
  • MCVSSHLD
  • MCAGENT
  • MPFSERVICE
  • NeoWatchLog
  • NVSVC32
  • NWService
  • NTXconfig
  • NTVDM
  • ntrtscan
  • npssvc
  • npscheck
  • netutils
  • ndd32
  • NAVENGNAVEX15
  • notstart.exe
  • zapro.exe
  • pqremove.com
  • BullGuard
  • CCAPP.EXE
  • vet98.exe
  • VET32.EXE
  • VCONTROL.EXE
  • claw95.exe
  • ANTS
  • ATUPDATER
  • ATWATCH
  • AutoTrace
  • AVGCC32
  • AvgServ
  • AVWINNT
  • fnrb32
  • fsaa
  • fsav32
  • ZAP.EXE
  • ZAPD.EXE
  • ZAPPRG.EXE
  • ZAPS.EXE
  • ZCAP.EXE
  • pfwcon.exe
  • ashDisp.exe
  • ashQuick.exe
  • ashAvast.exe
  • nod32kui.exe

It may retrieve scripts from the following URLs and execute them:
[http://]u5baf2cc0b.iespana.es/qwert[REMOVED]
[http://]u5baf2cc0b.iespana.es/ytrew[REMOVED]

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

  • Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
  • Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have less avenues of attack.
  • If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
  • Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
  • Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
  • Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
  • If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
  • For further information on the terms used in this document, please refer to the Security Response glossary.
Writeup By: Masaki Suenaga
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver