The worm attempts to remove files and folders inside Symantec's virus definition folder. Symantec stores the latest virus definitions in this folder. Symantec Anti-Virus will be incapable of detecting viruses if the files inside this folder are removed.
C:\Program Files\Common Files\Symantec Shared\VirusDefs
This worm may create and open a file named "msg.txt" inside 'C:\'. The file contains the following message:
*** I M P O R T A N T M E S S A G E ***
------------------------------------------
ALL DATA [REMOVED] on your computer
------------------ SORRY ------------------
* tHe pIrAcY kIllEr *
The worm creates a file named autorun.inf on all network shares and removable drives.
[DRIVE LETTER]:\autorun.inf
Content of [DRIVE LETTER]:\autorun.inf
[AutoRun]
open=mobimb.exe
shell\open\Command=mobimb.exe
shell\open\Default=1
shell\explore\Command=mobimb.exe
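A defender can triage the autorun.inf files found on shares and removable drives by listing the entries that start a program and comparing them with the file name given above. The following is an added example, not part of the Symantec write-up; the function names and the benign sample are assumptions made for illustration.

```python
import re

# Constructed sample: the autorun.inf content listed above.
SAMPLE_WORM = r"""[AutoRun]
open=mobimb.exe
shell\open\Command=mobimb.exe
shell\open\Default=1
shell\explore\Command=mobimb.exe
"""
# Constructed sample: a harmless autorun.inf that only sets a label and an icon.
SAMPLE_BENIGN = "[autorun]\nlabel=Backup\nicon=backup.ico\n"

# [AutoRun] keys that make Windows start a program (matched case-insensitively).
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def autorun_launch_targets(text):
    """Return [(key, command)] for each launch entry in the [AutoRun] section."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            targets.append((key.lower(), value))
    return targets


def program_name(command):
    """Lower-cased file name of the program a command line starts."""
    command = command.strip()
    if command.startswith('"'):                     # quoted path, may hold spaces
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(None, 1)[0]
    return re.split(r"[\\/]", program)[-1].lower()


def matches_indicator(text, names=("mobimb.exe",)):
    """True if any launch entry runs a file whose name is in `names`."""
    wanted = {n.lower() for n in names}
    return any(program_name(cmd) in wanted for _, cmd in autorun_launch_targets(text))
```

An autorun.inf that has launch entries but does not match the indicator still deserves a look, since `autorun_launch_targets` shows exactly which program the drive would start.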
Systems Affected: All Windows.
How to remove worm W32.Momib.A?
Source: Symantec