
Dinoxi.b

Posted: March 28, 2006

Dinoxi.b, also known as Dioxin.b, is a dangerous worm that spreads through instant messages over AOL Instant Messenger and via file-sharing networks through popular peer-to-peer programs including eDonkey2000, Overnet, Kazaa, Shareaza, WinMX, LimeWire, iMesh, BearShare, Morpheus and several others. A user can accidentally infect a PC by clicking a malicious link in a bogus instant message, or by downloading the spyware from the Internet as a purportedly useful application.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 fontloader.exe
    2 netmeeting.exe
    3 o.exe
    4 windash.exe
    5 winoie789.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page=[siteaddress]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetTaskbar=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskmgr=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDevMgrPage=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\Disabled=1
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp\NoRealMode=1
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserClose=1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ScanRegistry
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SchedulingAgent
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDesktop=1