P2P-Worm.Win32.Hofox
| Alert Level : | Medium |
| Discovered: | Jan 14 2004 |
| Tag: | Peer-to-Peer Worms Worms |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
Hofox is a worm that spreads via P2P networks. Hofax is a Windows PE exe file; written in Visual Basic; about 49K in size.
During launch, the worm blocks the Norton Antivirus Auto Protect Service
Installation Hofax registers itself as a launched application in the system registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wormIt then copies itself into:
C:\My shared folder\ under the following names:Manifestations Launches:
Norton Anti-Virus 2004.exe
How To Hack.doc.exe
Win XP Pro .exe
Windows Longhorn full beta version.exe
Norton Anti-Virus keygen.exe
Hotmail H4x0r.exe
Halo - Combat Evolced.exe
DivX Pro .exe
Super Encrypt.exe
PornViewer.exe
Panda internet security.exe
Paint Shop Pro 8.exe
Paint Shop Pro 9 beta.exe
McAfee Anti-Virus.exe
C:\Windows\System32\ under the following names:
Norton Anti-Virus.exe
Halo.exe
Dunno.exe
Your Ad Here.exe
Girls Peeing.exe
Hacking is fun.exe
\Program Files\Accessories/Your Gay.exe
- charmap.exe and notepad.exe
- Internet Explorer and connects to: http://www.ratemypoo.com
- *.jpg
- *.gif
- *.mov
- *.mpg
- *.mpeg
- *.avi
- *.doc
- *.txt,/ul>
0
Removal P2P-Worm.Win32.Hofox instructions:
0
Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!
