Worm.Korgo.U

Posted: December 9, 2009

Worm.Korgo.U is a network-aware worm which spreads by exploiting Windows vulnerabilities. Worm.Korgo.U opens numerous ports for other harmful malware to enter the system and also attempts to steal banking information and send it to devious hackers. Other symptoms related to a Worm.Korgo.U infection include the modification and corruption of system files. Once detected, Worm.Korgo.U should immediately be removed using an effective anti-spyware program.

File System Modifications

The following files were created in the system:

# File Name

1 %System%\nyaxkm.exe

2 %Temp%\bsa1.tmp

3 %Temp%\vta2.tmp

4 %Temp%\wia4.tmp

5 %Temp%\xda3.tmp

#	File Name
1	%System%\nyaxkm.exe
2	%Temp%\bsa1.tmp
3	%Temp%\vta2.tmp
4	%Temp%\wia4.tmp
5	%Temp%\xda3.tmp

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wireless]HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Worm.Korgo.U

File System Modifications

Registry Modifications

Leave a Reply