Kassbot
Worm Kassbot, also known as Nanspy, spreads in local area networks. It infects PCs running vulnerable Windows version with unpatched security holes. Kassbot modifies essential computer settings to block access to certain web sites. It contacts predefined web servers to receive commands from the attacker and download updates. It also compromises other vulnerable network PCs. Kassbot is relatively easy to remove. It depends on a single executable located in the default computer folder and one registry entry.
File System Modifications
- The following files were created in the system:
# File Name 1 mmsvc32.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunMicrosoftNetworkServicesController=%System%mmsvc32.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.