W32/Vispat.A Worm
Information about the W32/Vispat.A Worm:
W32/Vispat.A is a mass-mailing worm. It infects Windows systems and spreads through email.
Upon execution the worm creates dllcache.exe in the Windows System\dllconfig\cache folder.
The worm modifies the registry at the following location to load itself at each startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
It also modifies the following registry key to change the Internet Explorer home page:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page"
The worm also modifies the registry to:
add various sites to Internet Explorer's Trusted Zone
lower the security setting for sites in the Trusted Zone of Internet Explorer
attempt to hide its presence on the system by modifying the default folder viewing options
attempt to create a new mail account in Outlook Express
The worm then creates some of the following shortcut links, which point to "http://vispateresa.biz":
%UserProfile%\Desktop\Internet Explorer.lnk
%UserProfile%\Desktop\VM18.lnk
%UserProfile%\Start Menu\Hard Explorer.lnk
%UserProfile%\Start Menu\Ultimi siti visitati.lnk
When one of these links is clicked, a file named login.exe is downloaded without the user being prompted and saved to the Windows\Downloaded Program Files folder.
When this file is executed it copies itself as mpeg-video03.exe in the Windows System\scansvc\trust folder.
It also modifies the following registry entry so that it runs whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
It then scans the Outlook Express Address Book for contacts, and emails itself as a zipped attachment to each of the contacts.
The message will have the following characteristics:
Subject: Indagine Privata
Message Body: Dai un'occhiata al video in allegato, ti hanno beccato...
Attachment Name: mpeg-video00[DIGIT].zip
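A mail-gateway check for the message characteristics listed above, as an added example that is not part of the original page or of Protector Plus. It assumes that [DIGIT] stands for one decimal digit and that an attachment-name match combined with the subject or body is enough to quarantine; the function names and the sample message builder are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators copied from the message characteristics listed above.
SUBJECT = "indagine privata"
BODY_PHRASE = "dai un'occhiata al video in allegato"
# Assumption: "[DIGIT]" in the attachment name means exactly one decimal digit.
ATTACHMENT_RE = re.compile(r"^mpeg-video00\d\.zip$", re.IGNORECASE)


def vispat_indicators(raw_message: str) -> list[str]:
    """Return the names of the W32/Vispat.A mail indicators present in a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so encoded subjects still match.
    if str(msg.get("Subject", "")).strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            if ATTACHMENT_RE.match(filename.strip()):
                hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            try:
                text = part.get_content().replace("\u2019", "'").lower()
            except (LookupError, UnicodeError):
                continue  # undecodable charset: skip the part rather than fail the scan
            if BODY_PHRASE in text and "body" not in hits:
                hits.append("body")
    return hits


def should_quarantine(raw_message: str) -> bool:
    """Assumed policy: attachment name must match, together with subject or body."""
    hits = vispat_indicators(raw_message)
    return "attachment" in hits and ("subject" in hits or "body" in hits)


def constructed_sample(subject: str, body: str, filename: str) -> str:
    """Build a constructed test message; the attachment is an empty ZIP archive."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"PK\x05\x06" + b"\0" * 18, maintype="application", subtype="zip", filename=filename)
    return m.as_string()
```

Requiring the attachment name alongside a second indicator keeps ordinary Italian-language mail that happens to share the subject from being quarantined.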
This worm first appeared on July 9, 2007.
Other names of W32/Vispat.A Worm:
This worm is also known as W32.Vispat.A@mm.