Although there is enough information available on the Mabezat worm, my effort is to keep you updated with the latest. Here are the current observations.

The following files were created:
c:\autorun.inf
%Profiles%\hook.dl_
%Profiles%\tazebama.dll
%Profiles%\tazebama.dl_
%AppData%\tazebama\zPharaoh.dat
c:\zPharaoh.exe

The following folders were created:
%AppData%\tazebama

The files in the following folders were modified in %Program Files%:
Internet Explorer, MSN, Netmeeting, Outlook Express, Windows Media Player, Windows NT, WinPCap

The files in the following folders were modified in %WinDir%:
pchealth

The following files were modified in %WinDir%:
calc.exe, charmap.exe, cmd.exe, magnify.exe, mobsync.exe, mspaint.exe, mstsc.exe, narrator.exe, notepad.exe, ntbackup.exe, odbcad32.exe, osk.exe, Restore\rstrui.exe, sndrec32.exe, sndvol32.exe

Process in Task Manager:
tazebama.dl_

You can find the ThreatExpert report on this link ("Reprinted with permission from ThreatExpert.")