Bugz Gunz = Virus.

Go down

Bugz Gunz = Virus.

Post  Sharad on Sat Jun 28, 2008 1:55 pm

Discovered: November 16, 2006
Updated: February 13, 2007 1:02:16 PM
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When W32.Sality.V is executed, it performs the following actions:

  1. Drops the following files:

          * %System%\wcdrtc32.dl_ - 17,876 bytes, detected as W32.Sality.V
          * %System%\wcdrtc32.dll - 25,600 bytes, detected as W32.Sality.V

            Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following mutex:


  3. Injects wcdrtc32.dll into explorer.exe process.

  4. Infects .exe and .scr files on drives C to Z.

  5. Numerates the following registry key entries and infects .exe files that are referenced as data values:


  6. Appends itself by creating a new section 'trdata'. The section size is 20,480 bytes.

  7. Deletes files with the following extensions:

          * .vdb
          * .avp

  8. Deletes .key files containing the following string:


  9. Deletes files whose name starts with:

          * KAV
          * NOD
          * ANTI
          * SCAN
          * ZONE
          * ANDA
          * TROJ
          * TREN
          * ALER
          * CLEAN
          * OUTP
          * GUAR
          * AVP
          * BIDEF

  10. Checks for Internet connection by querying the following URL:


  11. Attempts to connect to the following URL:


  12. Appends the following lines to the file %System%\SYSTEM.INI:


Ah and for the perfect proof.

Oh well, all in all, gunz.exe is a worm infected thing. I'd recommend all of you to go ahead and delete Gunz.exe and Gunzlauncher.exe, and then clean it(Google it).

Oh well have fun ^^ and I do hope the staff do come out with a clean version of Gunz.exe and Gunzlauncher.exe ^^


Posts : 3
Join date : 2008-06-22

View user profile

Back to top Go down

Back to top

Permissions in this forum:
You cannot reply to topics in this forum