W32.Patoo

Posted: March 28, 2006

W32.Patoo@mm is a worm that tries to email itself to all the contacts in the Microsoft Outlook Address Book.

The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}Browsetothekey:Deletethevalue:MessengerBlock=C:windowsmsngrblock.exeHKEY_CLASSES_ROOTatfileshellopencommandHKEY_CLASSES_ROOTcomfileshellopencommandHKEY_CLASSES_ROOTexefileshellopencommandHKEY_CLASSES_ROOThtafileshellopencommandHKEY_CLASSES_ROOTpiffileshellopencommandHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunHKEY_LOCAL_MACHINESoftwareCLASSESatfileshellopencommandHKEY_LOCAL_MACHINESoftwareCLASSEScomfileshellopencommandHKEY_LOCAL_MACHINESoftwareCLASSESexefileshellopencommandHKEY_LOCAL_MACHINESoftwareCLASSEShtafileshellopencommandHKEY_LOCAL_MACHINESoftwareCLASSESpiffileshellopencommandReplacecurrentvaluewiththis:%1%*RunOnceRunServices

Leave a Reply