
W32.Neeris.C

By GoldSparrow in Worms

W32.Neeris.C is a self-replicating worm that spreads by copying itself onto removable storage devices and that creates backdoors on infected computers to allow remote access to the system. W32.Neeris.C may also exploit the Microsoft Windows Server Service RPC Handling Remote Code Execution vulnerability in order to propagate.

File System Details

W32.Neeris.C may create the following file(s):
1. %System%\drivers\sysdrv32.sys
2. %System%\dllcache.exe

Registry Details

W32.Neeris.C may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"C:\WINDOWS\system\dllcache.exe" = "C:\WINDOWS\system\dllcache.exe:*:Microsoft Enabled"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"netmon" = "%System%\dllcache.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dllcache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdrv32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache
