
WORM/Slenfbot.DP.5

Posted: May 9, 2011

WORM/Slenfbot.DP.5.worm is a mixed-mode computer worm that is malicious to executable files on your computer system. It uses malicious tricks to download malware from the web, opens up firewalls and gathers personal details, such as personal financial information. It also downloads additional components before the criminals gain remote access to the affected computer system. WORM/Slenfbot.DP.5.worm can launch itself automatically when you boot up your PC. It makes changes to the Windows registry, reconnects your computer to illegitimate websites and then downloads other malware to your computer. It can then present the downloaded malware as system files. WORM/Slenfbot.DP.5.worm is an identified security threat and has to be removed immediately after its detection.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Start Menu\ Settings.lnk
    2 %Temp%\wscsvc32.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyServer' = 'http=127.0.0.1:5555'
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 'Protection Center'v
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'