PC Security Shield Virus Alert: Worm.Win32.Zindos.5760
| W32.Zindos.A[Symantec], W32/Zindos.worm[McAfee], WORM_ZINDOS.A[Trend] | |
| Worm | |
| Win32 | |
| No | |
| others | |
| No | |
| 07/27/2006 | |
| Network | |
| DoS attack, Changes registry | |
| None | |
| ** / ** | |
| Able to detect/repair [ViRobot version: 07/28/2006] |
This worm was found on July 27 2006.
It infects the system that opens TCP port 1034, and upon infection, it attempts to Denial of Service(DoS) attack microsoft.com.
How it spreads:
Worm scans TCP port 1034 of random IP address and when it finds the opened port, it copies worm. At this time, worm is created and
executed as a random name in the Window temporary folder.
Notes : TCP port 1034 is the port number that is opened when it is infected by specified backdoor. This backdoor is dropped by I-
Worm.Win32.Mydoom.27648 so if it is infected by Mydoom.27648 the backdoor is infected as well.
Infection symtoms:
1. Worm attempts to DoS(Denial of Service) attack to the following domain.
http://www.microsoft.com
2.Worm is added in the following registry to be auto-executed when the system reboots.
- HKEY_LOCAL_MACHINE\
Software\
Microsoft\
Windows\
CurrentVersion\
Run
Name : Tray
Data : (Worm file name which is not regular).EXE
How to repair: [Repair by using The Shield AntiVirus 2007]
