Name: Banish.B@mm
Type: Worm
Also Known As: Win32.Banish.A [Computer Associates], Email-Worm.Win32.Banish.{a, b} [Kaspersky Lab], W32/Banish.worm [McAfee], W32/Multie@MM [McAfee], W32/Banish-A [Sophos], WORM_BANISH.A [Trend Micro]
Danger Level: 7
Category Description:
Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.
Worms have self-replicating code that travels from machine to machine by various means. A worm's first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment:
A modified variant of the Banish.A worm that attempts to block security sites with various IP filters.
Creates or modifies the following keys:
\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\
    DeviceDesc (created): IP Traffic Filter Driver
    ClassGUID (created): {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Class (created): LegacyDriver
    ConfigFlags (created): 0
    Legacy (created): 1
    Service (created): IpFilterDriver
\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\
\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\
    New Value: IpFilterDriver
    New Value: 0
Modifies:
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
    Value Name: key2 = C:\WINDOWS\system32\winlog.exe
Adds two files to the OS:
    winlog.exe
    winlog.dll