Search
Keyword: worm_rbot.qp
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies certain registry entries to hide file
This worm arrives by connecting affected removable drives to a system. It may be downloaded by other malware/grayware from remote sites. It is injected into all running processes to remain memory
This worm has the ability to mount to virtual disks. Doing so infects virtual environments that are set up on Windows operating systems. To get a one-glance comprehensive view of the behavior of this
This description is based is a compiled analysis of several variants of WORM_PROLACO. Note that specific data such as file names and registry values may vary for each variant. This worm arrives as
This worm arrives by accessing affected shared networks. It may be dropped by other malware. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives
If it fails to download the configuration file, this worm downloads a certain file. It saves the downloaded file as %System%\setting.ini . It expects the downloaded configuration file to contain a
Trend Micro has received multiple samples of this worm from multiple, independent sources, including customer reports and internal sources. These indicate that this worm poses a high risk to users
This worm sends messages that contain links to sites hosting remote copies of itself using the instant-messaging (IM) applications Yahoo Messenger and MSN Messenger . It may also send messages
needed during in system bootup. To get a one-glance comprehensive view of the behavior of this Worm, refer to the Threat Diagram shown below. This worm arrives via removable drives. It may be unknowingly
This worm arrives via removable drives. It drops copies of itself in all drives. These dropped copies use the names of the folders located on the said drives for their file names. It drops an
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It uses Windows Task Scheduler to create a scheduled task
This worm may be unknowingly downloaded by a user while visiting malicious websites. It drops copies of itself in removable drives. These dropped copies use the names of the folders located on the
This Worm arrives as an attachment to email messages mass-mailed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
This Worm arrives via removable drives. It executes commands from a remote malicious user, effectively compromising the affected system. It retrieves specific information from the affected system. It
This worm arrives by connecting affected removable drives to a system. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes the
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops an AUTORUN.INF file to automatically execute the
This worm arrives via removable drives. It drops an AUTORUN.INF file to automatically execute the copies it drops when a user accesses the drives of an affected system. It connects to Internet Relay