PC Security Shield Virus Alert: Worm.Win32.Zindos.5760

  • Also Known As: W32.Zindos.A [Symantec], W32/Zindos.worm [McAfee], WORM_ZINDOS.A [Trend]
  • Type: Worm
  • Systems Affected: Win32
  • Resident in System Memory: No
  • Origin: Others
  • Encryption: No
  • How it spreads: Network
  • Infection symptoms: DoS attack, changes registry
  • Specific date of infections: None
  • Destructivity / Distribution Potential: ** / **

    Technical Description

    This worm was found on July 27 2009.

    It infects systems that have TCP port 1034 open and, upon infection, attempts a Denial of Service (DoS) attack against microsoft.com.

    How it spreads:

    The worm scans TCP port 1034 on random IP addresses and, when it finds the port open, copies itself to that system. The copy is created and executed under a random name in the Windows temporary folder.

    Note: TCP port 1034 is the port opened on a system infected by a specific backdoor. This backdoor is dropped by I-Worm.Win32.Mydoom.27648, so a system infected by Mydoom.27648 is infected with the backdoor as well.

    Infection symptoms:

    1. The worm attempts a DoS (Denial of Service) attack against the following domain:

    http://www.microsoft.com

    2. The worm adds itself to the following registry key so that it is executed automatically when the system reboots:

    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

    Name : Tray
    Data : (worm file name, which is irregular).EXE
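
    A host check for the two indicators described above, added here as an example (it is not part of the original alert or of The Shield AntiVirus): it parses captured `reg query` and `netstat -an` output for the `Tray` Run value and for a listener on TCP port 1034. The sample output and the file name `qwzkfe.exe` are constructed for illustration.

```python
import re
RUN_VALUE_NAME = "Tray"   # Run value name given in the description
BACKDOOR_PORT = 1034      # TCP port opened by the Mydoom backdoor
# A value line of `reg query` output: name, type, data, separated by 4 spaces.
_REG_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def run_value(reg_output, name=RUN_VALUE_NAME):
    """Return the data of the named Run value, or None if it is absent."""
    for line in reg_output.splitlines():
        m = _REG_LINE.match(line)
        if m and m.group("name").lower() == name.lower():  # names are case-insensitive
            return m.group("data").strip()
    return None

def listening_tcp_ports(netstat_output):
    """Collect local TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_output.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING":
            port = f[1].rsplit(":", 1)[-1]  # also handles "[::]:1034"
            if port.isdigit():
                ports.add(int(port))
    return ports

def assess(reg_output, netstat_output):
    """Report which of the two indicators are present in the captured output."""
    data = run_value(reg_output)
    return {
        "tray_run_value": data,
        "tray_is_exe": bool(data) and data.strip('"').lower().endswith(".exe"),
        "port_1034_listening": BACKDOOR_PORT in listening_tcp_ports(netstat_output),
    }

# Constructed sample output (not from a real host); the .exe name is made up.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    VMware User Process    REG_SZ    "C:\Program Files\VMware\vmtoolsd.exe" -n vmusr
    Tray    REG_SZ    C:\WINDOWS\TEMP\qwzkfe.exe
"""
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1034           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49712         10.0.0.9:1034          ESTABLISHED
"""
if __name__ == "__main__":
    print(assess(SAMPLE_REG, SAMPLE_NETSTAT))
```

    A match is a lead to investigate rather than a verdict: only a listener on local port 1034 counts, so an outbound connection to a remote port 1034 is not flagged.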





    How to repair: [Repair by using The Shield AntiVirus]


