Free spyware removal and spyware protection
Unfortunately, defeating spyware is harder than evading conventional viruses.
Spyware is any potentially-unwanted program that makes undesirable changes to your computer and/or collects information about user activities, without consent, usually for financial gain. That definition may be fine in the abstract, but making concrete decisions about which programs are really spyware can be difficult.
Please visit the download section of this website, where you will find a few simple and FREE applications written by different authors which I have found, through years of facing spyware and viruses over 100 times, to be the most effective (and free, of course) way to keep your computer clean of worms, popups, spyware and other malicious computer bugs. (If your computer is already affected, these programs might not completely get rid of your problem, but they will prevent any more damage.) I myself have tested these simple and free applications many times, on hundreds of PC computers, and I am happy to share my years of extensive research and trial and error to help you live a bug-free PC lifestyle.
Virus Profile: W32/Sdbot.worm.gen.z
Monday, November 12, 2007
Recent Threats
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 12/15/2004
Date Added: 9/22/2004
Origin: N/A
Length: Varies
Type: Virus
SubType: Generic Worm
DAT Required: 4394
Virus Characteristics
Due to the large volume of members of this virus family, the size of extra.dats required to detect these is very large. AVERT have therefore split the detection into multiple drivers although the behavior of all members is broadly similar.
Please review the W32/Sdbot.worm.gen description.
The W32/Sdbot.worm.gen.z exhibits the following behavior:
* The worm file is eXPressor protected
* Mlqm.exe process will listen for TCP communication on port 3032
* Issues a DNS query to the following domain: r3x.ma7d.com
Files Added
* %WINDIR%\system32\dllcache\mlqm.exe
The worm attempts communication with a server for further instructions. A remote attacker can use the worm to perform various tasks:
* Gather system information (CPU, Driver Space, RAM, OS Version, User name, Computer name, IP Address)
* SYN Flood others
* Kill processes
* Download files
* Execute files
At the time this was analyzed the worm attempted to SYN Flood various addresses provided by the server.
Indications of Infection
* Presence of %WINDIR%\system32\dllcache\mlqm.exe
* Unexpected TCP communication on port 3032
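The three indicators in this profile (the dropped file, the listener on TCP port 3032 and the DNS query) can be checked against data collected from a host. The following is an added example, not part of the original profile or any vendor tool; the function names are hypothetical and the sample `netstat -ano` output, DNS names and path listing are constructed.

```python
from pathlib import PureWindowsPath

# Indicators taken from the profile above.
IOC_PORT = 3032
IOC_DOMAIN = "r3x.ma7d.com"
IOC_FILE = r"system32\dllcache\mlqm.exe"  # relative to %WINDIR%

def listening_pids(netstat_text, port=IOC_PORT):
    """PIDs with a TCP socket in LISTENING state on `port`, from `netstat -ano` text."""
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()  # Proto, Local Address, Foreign Address, State, PID
        if len(f) == 5 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            # rsplit handles both 0.0.0.0:3032 and [::]:3032
            if f[1].rsplit(":", 1)[-1] == str(port):
                pids.add(int(f[4]))
    return sorted(pids)

def dns_hits(queried_names, domain=IOC_DOMAIN):
    """Queried names equal to the domain or a subdomain of it (case-insensitive)."""
    hits = []
    for name in queried_names:
        host = name.strip().rstrip(".").lower()
        if host == domain or host.endswith("." + domain):
            hits.append(name)
    return hits

def file_present(paths, windir=r"C:\WINDOWS"):
    """True if the dropped file is in a path listing; Windows paths compare case-insensitively."""
    target = PureWindowsPath(windir) / IOC_FILE
    return any(PureWindowsPath(p.strip()) == target for p in paths)

# Constructed sample data (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3032           0.0.0.0:0              LISTENING       1844
  TCP    0.0.0.0:30320          0.0.0.0:0              LISTENING       2040
  TCP    192.168.1.20:1061      192.168.1.9:3032       ESTABLISHED     1200
"""
SAMPLE_DNS = ["www.example.com", "R3X.MA7D.COM.", "notr3x.ma7d.com.example.net"]
SAMPLE_PATHS = [r"C:\WINDOWS\system32\dllcache\notepad.exe",
                r"c:\windows\System32\DllCache\MLQM.EXE"]

if __name__ == "__main__":
    print("listener PIDs:", listening_pids(SAMPLE_NETSTAT))
    print("DNS hits:", dns_hits(SAMPLE_DNS))
    print("file present:", file_present(SAMPLE_PATHS))
```

A PID returned by the listener check can be mapped to its image name with `tasklist` to confirm whether the listening process is mlqm.exe.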
Method of Infection
The exact method of propagation will vary between variants. However, the following characteristics are typical:
Share Propagation
The worm propagates via accessible or poorly-secured network shares, and some variants are intended to take advantage of high profile exploits:
* DCOM RPC vulnerability (MS03-026) - http://www.microsoft.com/technet/security/bulletin/MS03-026.mspx
* LSASS vulnerability (MS04-011) - http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Removal Instructions
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
