Hot Articles

P2P-Worm.Win32.Hofox

tag:Peer-to-Peer   Worms   Worms  

0 0

Hofox is a worm that spreads via P2P networks. Hofax is a Windows PE exe file; written in Visual Basic; about 49K in size.

During launch, the worm blocks the Norton Antivirus Auto Protect Service

Installation Hofax registers itself as a launched application in the system registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\worm
It then copies itself into:
C:\My shared folder\ under the following names:

Norton Anti-Virus 2004.exe
How To Hack.doc.exe
Win XP Pro .exe
Windows Longhorn full beta version.exe
Norton Anti-Virus keygen.exe
Hotmail H4x0r.exe
Halo - Combat Evolced.exe
DivX Pro .exe
Super Encrypt.exe
PornViewer.exe
Panda internet security.exe
Paint Shop Pro 8.exe
Paint Shop Pro 9 beta.exe
McAfee Anti-Virus.exe

C:\Windows\System32\ under the following names:

Norton Anti-Virus.exe
Halo.exe
Dunno.exe
Your Ad Here.exe
Girls Peeing.exe
Hacking is fun.exe

\Program Files\Accessories/Your Gay.exe
Manifestations Launches:
  • charmap.exe and notepad.exe
  • Internet Explorer and connects to: http://www.ratemypoo.com
Destructive behaviour Deletes files with the following extensions:
  • *.jpg
  • *.gif
  • *.mov
  • *.mpg
  • *.mpeg
  • *.avi
  • *.doc
  • *.pdf
  • *.txt,/ul>

©Virus-Encyclopedia.com All Rights Reserved.