W32/Sober.D

| Field | Value |
| --- | --- |
| Name | W32/Sober.D |
| Aliases | W32/Sober@MM, W32.Sober@mm, W32/Sober-D, sober, sober.d, W32/Roca-a, Win32/Roca.A@mm |
| Discovered on | March 8, 2004 |
Virus Information - W32/Sober.D:
W32/Sober.D is a mass-mailing worm. It infects Windows systems and spreads by email.
The subject of the infected mail is:
Microsoft Alert: Please Read!
The attachment name is one of the following:
Patch
sys-patch
UpDate
MS-UD
MS-Security
The attachment has a .zip extension; the archive contains a single .exe file, which is the worm executable.
The body of the mail is in either English or German. The English body is:
New MyDoom Virus Variant Detected!
A new variant of the W32.Mydoom (W32.Novarg) worm spread rapidly through the Internet. Anti-virus vendor Central Command claims that 1 in 45 e-mails contains the MyDoom virus.
The worm also has a backdoor Trojan capability. By default, the Trojan component listens on port 13468.
Protection:
Please download this digitally signed attachment.
This Update includes the functionality of previously released patches.
+++ ©2004 Microsoft Corporation. All rights reserved.
+++ One Microsoft Way, Redmond, Washington 98052
+++ Restricted Rights at 48 CFR 52.227-19
The German body is (reproduced verbatim, since the exact strings are the indicators):
Neue Virus-Variante W32.Mydoom verbreitet sich schnell.
Eine neue Mydoom-Variante verbreitet sich derzeit rasend schnell im Internet. Wie seine Vorganger verschickt sich der Wurm von infizierten Windows- Rechnern per E-Mail an weitere Adressen.
Zudem installiert er auf infizierten Systemen einen gefahrlichen Trojaner! Fuhrende Virenspezialisten melden bereis ein vermehrtes Aufkommen des W32.Mydoom alias W32.Novarg.
Bitte daten Sie Ihr System mit dem Patch ab, um sich vor diesem Schadling zu schutzen!
+++ c2004 Microsoft Corporation. Alle Rechte vorbehalten.
+++ Microsoft Deutschland GmbH, Konrad-Zuse-Strasse 1
+++ 85716 Unterschleissheim, HRB 70438, DE 129 415 943
English translation of the German body:
New virus variant W32.Mydoom is spreading fast.
A new Mydoom variant is currently spreading extremely fast on the Internet. Like its predecessors, the worm sends itself from infected Windows machines by e-mail to further addresses.
It also installs a dangerous Trojan on infected systems! Leading virus specialists already report an increased incidence of W32.Mydoom alias W32.Novarg.
Please update your system with the patch to protect yourself from this pest!
+++ (c)2004 Microsoft Corporation. All rights reserved.
+++ Microsoft Deutschland GmbH, Konrad-Zuse-Strasse 1
+++ 85716 Unterschleissheim, HRB 70438, DE 129 415 943
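The mail characteristics above (fixed subject, one of five attachment names, a .zip wrapping an .exe, and a body opening with the English or German MyDoom text) are enough for a gateway-side check. The following is an added example written for this page, not code from the original page or from any anti-virus vendor. The indicator strings are the ones listed above; the sample messages are constructed inline and are not real captures, and the zip member they carry is a harmless placeholder.

```python
"""Mail-side check for the W32/Sober.D lure described on this page.

Added example, not the page's or any vendor's code. Indicator strings are
taken from the page; the sample messages built here are constructed.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

SUBJECT = "Microsoft Alert: Please Read!"
ATTACHMENT_STEMS = {"patch", "sys-patch", "update", "ms-ud", "ms-security"}
ENGLISH_MARKER = "New MyDoom Virus Variant Detected!"
GERMAN_MARKER = "Neue Virus-Variante W32.Mydoom"


def zip_contains_exe(data: bytes) -> bool:
    """True if the zip payload holds a .exe member, as the Sober.D zip does."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def sober_d_indicators(raw: bytes) -> list:
    """Return the Sober.D indicators matched by one raw RFC 822 message,
    in the order: subject, body, attachment-name, zip-with-exe."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    # Header folding may split the subject; normalise whitespace before comparing.
    if " ".join(str(msg["subject"] or "").split()) == SUBJECT:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    if ENGLISH_MARKER in text or GERMAN_MARKER in text:
        hits.append("body")
    for part in msg.iter_attachments():
        stem, dot, ext = (part.get_filename() or "").lower().rpartition(".")
        if dot and ext == "zip" and stem in ATTACHMENT_STEMS:
            hits.append("attachment-name")
            if zip_contains_exe(part.get_payload(decode=True)):
                hits.append("zip-with-exe")
    return hits


def build_sample(subject: str, attachment_name: str, member_name: str, body_text: str) -> bytes:
    """Build a constructed test message shaped like the lure (harmless zip member)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg.set_content(body_text)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    lure = build_sample(SUBJECT, "MS-Security.zip", "MS-Security.exe",
                        ENGLISH_MARKER + "\nPlease download this digitally signed attachment.")
    print(sober_d_indicators(lure))  # ['subject', 'body', 'attachment-name', 'zip-with-exe']
```

Matching on several independent indicators rather than the subject alone keeps the rule useful when one of them is altered; in practice a zip attachment that carries an .exe is worth quarantining on its own, whatever the subject says.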
When the attachment is executed, the worm displays a dialog box with the message:
"This patch has been successfully installed."
It then copies itself into the Windows System folder and adds entries under the following registry keys so that it is loaded at each startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The worm scans files with the following extensions and collects every email address it finds on the infected system:
.xls
.wab
.txt
.tbb
.shtml
.rtf
.pl
.php
.mdb
.log
.ini
.eml
.doc
.dbx
.asp
.adb
.abd
The worm stores the collected addresses in a file named mslogs32.dll in the Windows System folder, then mails itself to those addresses using its own SMTP engine. Because it does not rely on the local mail client, direct outbound connections to TCP port 25 from a workstation are a useful network-side indicator of this activity.
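The two host artefacts described above (an autorun entry under the Run/RunOnce keys that launches a copy from the Windows System folder, and the mslogs32.dll address store in that same folder) can be checked offline from a registry export and a file listing. The following is an added example written for this page, not the page's or any vendor's code. It assumes the analyst has first run `reg export` on the two keys and gathered the System folder contents; the dropper file name "winsys32.exe" and the ctfmon.exe entry in the sample export are constructed (the page gives no dropper file name), and "the value points into the System folder" is a heuristic chosen here because that is where the page says the worm copies itself.

```python
"""Host-side triage for the Sober.D persistence and address-harvest artefacts.

Added example, not the page's or any vendor's code. Inputs are a .reg export
of the two autorun keys and a name-to-bytes mapping of the System folder.
Assumptions: the sample file names below are invented; the autorun rule
"value points into the System folder" is a heuristic, not a page fact.
"""
import re
from typing import Dict, List

PERSISTENCE_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
HARVEST_FILE = "mslogs32.dll"
SYSTEM_DIR_HINTS = ("\\system32\\", "\\system\\")

# Constructed .reg export; the "WinSys" lines play the hypothetical infection,
# the ctfmon.exe line is a legitimate-looking entry that the rule also flags.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSys"="C:\\WINDOWS\\System32\\winsys32.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WinSys"="C:\\WINDOWS\\System32\\winsys32.exe"
'''

# Constructed System folder listing: the harvest file is text, not a PE image.
SAMPLE_SYSTEM_DIR = {
    "kernel32.dll": b"MZ\x90\x00 placeholder header",
    "mslogs32.dll": b"alice@example.invalid\r\nbob@example.invalid\r\n",
}

_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse [key] headers and "name"="string" lines of a .reg export."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = _VALUE.match(line)
            if m:
                name, value = m.groups()
                # .reg files escape backslashes and quotes inside string data.
                keys[current][name] = value.replace("\\\\", "\\").replace('\\"', '"')
    return keys


def triage(reg_text: str, system_dir: Dict[str, bytes]) -> List[str]:
    """Return findings for review: autorun values launching from the System
    folder, and a mslogs32.dll that is present (and whether it is a real DLL)."""
    findings: List[str] = []
    for key, values in parse_reg_export(reg_text).items():
        if key not in PERSISTENCE_KEYS:
            continue
        for name, value in values.items():
            if any(h in value.lower() for h in SYSTEM_DIR_HINTS):
                findings.append(f"autorun {key}\\{name} -> {value}")
    blob = system_dir.get(HARVEST_FILE)
    if blob is not None:
        kind = "not a PE image" if not blob.startswith(b"MZ") else "a PE image, inspect it"
        findings.append(f"{HARVEST_FILE} present in System folder ({kind})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, SAMPLE_SYSTEM_DIR):
        print(finding)
```

The autorun rule is deliberately noisy: legitimate entries such as ctfmon.exe also launch from System32, so every flagged value still needs a look at the file it points to. The presence of mslogs32.dll is the stronger signal; a file with a .dll name that does not begin with the "MZ" PE header is not a library at all.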