Protector Plus Download Antivirus
Home
Download Antivirus
Antivirus Products
Order Antivirus


Antivirus Software for Windows XP/2000/2003
Antivirus Software for Windows Me/98
Antivirus Software for Exchange 2000/2003
Antivirus Software for NetWare

Hybris Worm

NameHybris Worm
AliasesHybris, I-Worm.Hybris
Discovered on November 2000

 Virus Information - Hybris Worm:

Hybris is an email worm. This worm infects Windows 95/98 and Windows NT/2000 based systems. This worm is similar to the Happy99. The worm arrives through email bearing any of the following subjects,

  •  Snowhite and the Seven Dwarfs - The REAL story! :
  •  Branca de Neve pornô! Enanito si, pero con que pedazo!:
  •  Les 7 coquir nains:

with any of the following as body text,

  • Today, Snowhite was turning 18. The 7 Dwarfs always where very educated and polite with Snowhite. When they go out work at mornign, they promissed a *huge* surprise. Snowhite was anxious. Suddlently, the door open, and the Seven Dwarfs enter...
  • C'etait un jour avant son dix huitieme anniversaire. Les 7 nains, qui avaient aidé 'blanche neige' toutes ces années après qu'elle se soit enfuit de chez sa belle mère, lui avaient promis une *grosse* surprise. A 5 heures comme toujours, ils sont rentrés du travail. Mais cette fois ils avaient un air coquin...
  • Faltaba apenas un dia para su aniversario de de 18 años. Blanca de Nieve fuera siempre muy bien cuidada por los enanitos. Ellos le prometieron una *grande* sorpresa para su fiesta de compleaños. Al entardecer, llegaron. Tenian un brillo incomun en los ojos...

and any of the following as attachment.

anão pornô.scr
atchim.exe
blanca de nieve.scr
blanche.scr
blancheneige.exe
branca de neve.scr
dunga.scr
dwarf4you.exe
enanito fisgon.exe
enano porno.exe
enano.exe
joke.exe
midgets.scr
nains.exe
sexy virgin.scr
sexynain.scr
........etc

Opening the attachment launches the worm. If the WSOCK32.DLL, is being used by windows then it creates a copy of the same and infects it. It gives a random eight character file name to the new file which does not have any extension. The worm then overwrites the WININIT.INI to continue its infection routine on next Windows Startup. The registry modifications are done at the following location:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce

The worm sends mail with any of the above randomly chosen subjects, body text and attachment respectively for every outbound mail. Plugins are automatically updated from a website. These plugins are also converted into newsgroup messages and posted. The worm tries to connect automatically to several news servers to post messages to the newsgroup alt.comp.virus.

Anti virus for Windows Download Now!

Home Page Download Antivirus Antivirus Products Order Antivirus

Copyright © 2005 Proland Software.All rights reserved

antivirus software, anti virus software, anti virus, download antivirus, download anti virus, free antivirus, free anti virus, antivirus, download, free, windows, windows xp, xp, sp2, windows me, windows 2000, 98, 95, nt, me, 2003, netware, anti-virus, virus, worm, trojan, protector, plus, proland, virus software, spyware