
W32.Flamer

By JubileeX in Worms

W32.Flamer is a worm that spreads through removable drives. It also opens a back door on the infected PC and may steal confidential data from its victims. W32.Flamer attempts to evade anti-virus detection by saving its complex code in .OCX files, which anti-virus software does not usually check in its default configuration. However, if W32.Flamer detects McAfee's on-access scanner, McShield, it saves its code in .TMP files instead. Once a computer system is infected, W32.Flamer performs malicious actions including taking screenshots, recording audio conversations, sniffing network traffic, intercepting keyboard input, and others. All this data is available to the attackers through the link to Flame's command-and-control (C&C) servers.


File System Details

W32.Flamer may create the following file(s):
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1 | Windows\System32\msglu32.ocx | | |
| 2 | Windows\System32\soapr32.ocx | | |
| 3 | Windows\System32\ccalc32.sys | | |
| 4 | Windows\System32\nteps32.ocx | | |
| 5 | Windows\System32\boot32drv.sys | | |
| 6 | windows\system32\mssecmgr.ocx | | |
| 7 | Windows\System32\advnetcfg.ocx | | |
| 8 | flamer.rar | 6fee4209eec1269d30353308831fba0c | 0 |
| 9 | flame.zip | 6dc0de3759e4ba0d501b646a48c49fa2 | 0 |
| 10 | file.exe | 5456035581452b1c482c73e964677fa7 | 0 |
| 11 | test.rar | 067a5e80a6cb5535c2b6d55b1235cd22 | 0 |
| 12 | file.exe | c5ddc8732b4d88950ef01ab68846eb2a | 0 |

Registry Details

W32.Flamer may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Authentication Packages" = "mssecmgr.ocx"
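
The file and registry indicators above can be turned into a host check. The following Python is an added example, not part of the original page or of any vendor tool: it parses the text output of `reg query` for the Lsa "Authentication Packages" value and compares a System32 file listing against the file names listed above. It assumes `reg query` prints REG_MULTI_SZ entries separated by a literal `\0` and that `msv1_0` is the only expected package; the function names and sample inputs are constructed for illustration.

```python
import re

# File names the page lists under Windows\System32 (compared case-insensitively).
FLAMER_FILES = {
    "msglu32.ocx", "soapr32.ocx", "ccalc32.sys", "nteps32.ocx",
    "boot32drv.sys", "mssecmgr.ocx", "advnetcfg.ocx",
}
# Assumption: msv1_0 is the only expected entry on a stock Windows install;
# extend this baseline for hosts with legitimately added packages.
BASELINE_PACKAGES = {"msv1_0"}

def parse_auth_packages(reg_output):
    """Extract the REG_MULTI_SZ entries of "Authentication Packages" from
    `reg query` text output, where entries are separated by a literal \\0."""
    for line in reg_output.splitlines():
        m = re.match(r"\s*Authentication Packages\s+REG_MULTI_SZ\s+(.*)$", line)
        if m:
            return [p.strip() for p in m.group(1).split("\\0") if p.strip()]
    return []

def basename(path):
    """Lower-cased final path component, accepting \\ or / separators."""
    return re.split(r"[\\/]", path.strip())[-1].lower()

def check_host(reg_output, system32_listing):
    """Return findings as (kind, value) tuples; an empty list means no match."""
    findings = []
    for pkg in parse_auth_packages(reg_output):
        name = basename(pkg)
        if name in FLAMER_FILES:
            findings.append(("lsa-package-flamer", pkg))
        elif name not in BASELINE_PACKAGES:
            findings.append(("lsa-package-unexpected", pkg))
    for entry in system32_listing:
        if basename(entry) in FLAMER_FILES:
            findings.append(("file-flamer", entry))
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\n"
    "    Authentication Packages    REG_MULTI_SZ    msv1_0\\0mssecmgr.ocx\n"
)
SAMPLE_FILES = ["C:\\Windows\\System32\\kernel32.dll",
                "C:\\WINDOWS\\system32\\MSSECMGR.OCX",
                "C:\\Windows\\System32\\nteps32.ocx"]

if __name__ == "__main__":
    for kind, value in check_host(SAMPLE_REG, SAMPLE_FILES):
        print(kind, value)
```

Any package outside the baseline is reported as unexpected rather than malicious, since other software can legitimately register authentication packages.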
