|
|
French proverb.
- Weekly virus report -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, July 27, 2003 - In this report, we will focus on three worms,
Gruel.E, Gruel.F and Cuydoc.
The 'E' and F' variants of the worm Gruel spread via e-mail and through the
P2P (peer-to-peer) file sharing program KaZaA. In addition, both of them
have the following characteristics:
- They are highly damaging, since they eliminate a series of files (like
AUTOEXEC.BAT and CONFIG.SYS), that Windows needs to work correctly.
- Their actions include: opening several windows in the Control Panel;
opening and closing the CD-ROM tray; disabling the Taskbar and making it
disappear; hiding the C: drive, preventing file searches from being
performed; etc.
- Once the infection has been carried out, these worms display a fake
Windows error message on screen.
- They create several entries in the Windows Registry, with different values
-depending on whether the computer has been restarted or not-. By creating
these entries, Gruel.E and Gruel.F ensure that they are run whenever a file
with an 'EXE', 'COM', 'BAT', 'PIF', or 'HyperTerminal' extension is run.
The main difference between these two variants is that they spread via
attached files with different names. OFFICEXPTRIAL.EXE is the name of the
file in which Gruel.E spreads, and PROTECT_REMOVE_TOOL.EXE is the file in
which Gruel.F spreads.
The third worm analyzed in this report is Cuydoc which, apart from spreading
through the means normally used by viruses, can also spread across floppy
disk drives. Specifically, Cuydoc automatically copies itself to the floppy
disk drive under the name CUPIDO.EXE.
Cuydoc has damaging effects, since it deletes all of the Word documents
(files with a 'DOC' extension) from the My Documents directory in the
affected computer. In addition, in Spanish versions of Windows Me/98/95,
Cuydoc prevents the user from running the 'REGEDIT.EXE' program, which
allows the user to edit the entries in the Windows Registry, and the
'MSCONFIG.EXE' program, which allows the user to configure which programs
will be loaded when Windows starts.
For further information about these and other viruses, visit Panda
Software's Virus Encyclopedia:
http://www.pandasoftware.com/virus_info/encyclopedia/
Additional information
- Directory / Folder: Divisions or sections used to structure and organize
information contained on a disk. They can contain files or other
sub-directories.
- Windows Registry: This is a file that stores all configuration and
installation information of programs installed, including information about
the Windows operating system.
More definitions of virus and antivirus terminology at:
http://www.pandasoftware.com/virus_info/glossary/default.aspx
NOTE: The addresses above may not show up on your screen as single lines.
This would prevent you from using the links to access the web pages. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 4
Votes: 1
|
|
|
