
WORM_KOLAB.SMXQ

Posted: September 27, 2011

Threat Metric

Threat Level: 5/10
Infected PCs: 15
First Seen: September 26, 2011
OS(es) Affected: Windows

WORM_KOLAB.SMQX is a malicious computer worm that spreads by copying itself to flash drives and other removable drives and through instant messaging applications. The copies use the names of folders located on those drives as their file names. WORM_KOLAB.SMQX arrives on a computer as a file dropped by other malware threats or as a file downloaded unknowingly by Internet users visiting infected websites. It adds registry entries so that it executes automatically every time the computer starts. WORM_KOLAB.SMQX is able to connect to Internet Relay Chat (IRC) servers and executes commands from a remote attacker to infect the targeted PC system. Remove WORM_KOLAB.SMQX before it harms your computer system.

Aliases

W32/Dorkbot.A.worm [Panda]
Injector.EQT [AVG]
W32/Ruskill.AFP!tr.bdr [Fortinet]
Gen.Trojan.Heur [Ikarus]
Trojan/Win32.FakeAV [AhnLab-V3]
Backdoor/Win32.Ruskill.gen [Antiy-AVL]
TR/Crypt.XPACK.Gen3 [AntiVir]
UnclassifiedMalware [Comodo]
Trojan.Generic.KDV.295922 [BitDefender]
Backdoor.Win32.Ruskill.afp [Kaspersky]
Win32.TRCrypt.XPACK [eSafe]
Win32:Kryptik-DVB [Trj] [Avast]
Trojan.Gen.2 [Symantec]
a variant of Win32/Injector.HXM [NOD32]
Generic BackDoor!dlp [McAfee]

Technical Details

File System Modifications


The following files were created in the system:



File name: winupdate.exe
Size: 838.14 KB (838144 bytes)
MD5: f6c1a5f929fbcc99f45862e86ae6d916
Detection count: 85
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Windupdt
Group: Malware file
Last Updated: November 8, 2011

File name: 3369584517.exe
Size: 291.32 KB (291328 bytes)
MD5: 3480086d167fce1ff67e86cd9fb02be3
Detection count: 76
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 6, 2011

File name: 7148484517.exe
Size: 428.52 KB (428523 bytes)
MD5: eb21d02faab39472c98598638634b10c
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 6, 2011

File name: 5948484517.exe
Size: 799.76 KB (799766 bytes)
MD5: 1c3168ca0ddaa02557b0da7ebf254d41
Detection count: 74
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 6, 2011

File name: 594884517.exe
Size: 226.82 KB (226822 bytes)
MD5: 5a52d6dca7abeecf6967c8bfaf4a3dc6
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 6, 2011

File name: %User Temp%\{RANDOM CHARACTERS}.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %Application Data%\E-73473-3674-74335
Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft MainUpdates = "%Application Data%\E-73473-3674-74335\msnrsmsn.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Application Data%\E-73473-3674-74335\msnrsmsn.exe = "%Application Data%\E-73473-3674-74335\msnrsmsn.exe:*:Enabled:Micr