W32.Francette.Worm is a worm that exploits the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026
) using TCP port 135, as well as the Microsoft IIS Web Server Folder Traversal vulnerability (described in Microsoft Security Bulletin MS00-078
). The existence of the file syshost.exe is an indication of a possible infection.
This worm is written in Borland Delphi and is packed with ASPack.
Click for a more detailed description of Rapid Release and Daily Certified virus definitions.