virus scan software   contact virus scan software
virus scan software   online software store
virus scan software anti virus software virus scan software mission   new anti virus scan software
User solutions
scan for viruses
virus removal
virus protection
secure browsing
block hackers
data protection
filter email
kill spam
Corporate solutions
virus protection
mailserver
Firewall software
Black ice
Zone alarm pro
Featured product
trend micro pc-cillin
 


VIRUS NAME: W32/Cervivec@MM





Internet Worm Characteristics

This worm arrives as a zip file attached to an email, named WORMS.ZIP. Inside the ZIP files is an executable named WORMS.EXE. The EXE is written in the Delphi programming language and packed with the UPX packer. When run, the worm adds a new value "Kernel Loader" to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run which ensures that the virus runs after every reboot.


Symptoms

1. presence of the NTKRNL.EXE file in \WINDOWS\SYSTEM32 or \WINDOWS\SYSTEM
2. presence of the Registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run\Kernel Loader="C:\WINDOWS\system32\ntkrnl.exe -LOADDRIVERS=TRUE"

 

 

 
Latest viruses
MyLife.e@MM
Goround.worm
Gluas.a
Linux/Alfa
QDel234
BackDoor-OG
Best sellers
Kaspersky PRO
Panda Platinum
Tiny firewall
Volume licensing

symantec volume licensing

mcafee volume licensing
Online services
Mcafee clinic
 
   

[ virus-scan-software.com ] - [ products ] - [ security ] - [ services ] - [ support ] - [ what's new ] - [ contact ]

website design by Siteowners