Systweak Spyware Library
Systweak Spyware Library text
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Search in:
Worm-Email.beloy Analysis Report
Threat Submitted On: 10/31/2008 4:53:31 PM
Threat Analysed On: 10/31/2008 9:53:31 PM
Threat Updated On: 1/28/2011 11:39:48 AM
Type : Worm-Email
Symptoms of beloy
  • Spreads through the opening of infected e-mail attachments.
  • Sends a copy of itself to all the contacts of the user’s address book.
  • Sometimes has dire results like affecting the hard disk and threat to privacy.
Information
Alias : email-worm.win32.beloy.b
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: [RandomName].exe
Path : %workingdir%

Md5Hash :45adf8f33d39647b7bdf3af1fff3b9e5 ( 88000 bytes)
File: msnms.exe
Path : %windir%\system32

Md5Hash :f779da32ad020a7a51aeead817cc862d ( 23552 bytes)
File: msnmsgr.exe
Path : %windir%\system32

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
016fb3fe28384a10a78cfafdc87c417d ( 144896 bytes)
4705d768696acbd86c7fbf1d73f21722 ( 144896 bytes)
d4819c92d10d17be7504696d7f4a684f ( 144900 bytes)
File: msnx.exe
Path : %windir%\system32

Md5Hash :c8293c7d47d0b6650bf78167adb33db4 ( 145920 bytes)
File: syslinks2.dll
Path : %windir%\system32

Md5Hash :45adf8f33d39647b7bdf3af1fff3b9e5 ( 88000 bytes)
File: sysviews.dll
Path : %windir%\system32

Md5Hash :5fe178b2bc11e311706596eef7f2196a ( 89000 bytes)
File: winviews32.dll
Path : %windir%\system32

Md5Hash :ba2823f365555716db98a9bc994bcb5d ( 20000 bytes)
File: [randomname].exe
Path : %workingdir%

Skip Navigation Links.
Collapse Md5Hash :Md5Hash :
016fb3fe28384a10a78cfafdc87c417d ( 144896 bytes)
342203fe002ef4d2abb7c3e67cbb2856 ( 29000 bytes)
4705d768696acbd86c7fbf1d73f21722 ( 144896 bytes)
5057b1817d294e6dadf5fabe0abf19e0 ( 19970 bytes)
7e2f64b4f1d4ec46d8f326ef809be23f ( 88005 bytes)
c8293c7d47d0b6650bf78167adb33db4 ( 145920 bytes)
d4819c92d10d17be7504696d7f4a684f ( 144900 bytes)
d5a87940b65108eaf55b7245985f022a ( 37000 bytes)
e73fa6fb21b91f53157a3f5d8a24f8ee ( 88002 bytes)
f779da32ad020a7a51aeead817cc862d ( 23552 bytes)
The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
Windows Update = "%SYSTEMDRIVE%\Data\342203fe002ef4d2abb7c3e67cbb2856.exe"
|__ Value Added :
windows update = "%SYSTEMDRIVE%\data\d5a87940b65108eaf55b7245985f022a.exe"

NOTE:

2. %workingdir% Refers to the current directory in which user is working.
3. %windir% Refers to the windows root folder. By default it is 'C:\Windows'

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.


Microsoft Gold Certified Partner

© Systweak Inc., 1999-2011 All rights reserved.