[COLOR=firebrick][B][I][SIZE=1][FONT=arial] Found on the program (T-42832-)hacking tools 2002.exe

W32.HLLW.Purol Type: Worm
Infection Length: 38,225 bytes

Systems Affected: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, OS/2, UNIX, Linux
Virus Definitions (Intelligent Updater) April 11, 2003
Damage - Payloadeletes files: Attempts to delete directories belonging to several Antivirus programs.
Distribution - Shared drives: Attempts to spread through various file-sharing networks.
When W32.HLLW.Purol runs, it does the following:
Attempts to delete all the files from the following folders:
C:\Progra~1\eSafe\Protect
C:\Progra~1\McAfee VirusScan
C:\Progra~1\NORTON~1
C:\Progra~1\Acceleration Software\Anti-Virus
C:\Progra~1\F-prot
C:\Progra~1\Mcafee
C:\Progra~1\Kasper~1
C:\Progra~1\Avpersonal
C:\Progra~1\Bullguard

Adds the value:
"Winstart"="c:\windows\winstart32.exe"
to the following registry keys:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\
RunServices
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run

Checks the following folders:
C:\Windows\Myshares
C:\Program Files\Icq\Shared Files
C:\Program Files\Bearshare\Shared
C:\Program Files\Morpheus\My Shared Folder
C:\Program Files\Edonkey2000\Incoming
C:\Program Files\Gnucleus\Downloads
C:\Program Files\Gnucleus\Downloads\Incoming
C:\Program Files\Kazaa\My Shared Folder
C:\Program Files\Kazaa Lite\My Shared Folder
C:\Program Files\Limewire\Shared
Then, the worm copies itself to any of the folders that it finds.

It also adds registry values to all of the above, then happily sets about procreating. More details, plus how to remove it manually can be found at the Symantec site (among others). 2 viruses (virii?) in 2 days. Geez, I feel like one of those bomb-sniffing dogs!

You didn't really download and execute that program did you? I half-way respect the script kiddie way, all hackers were at one time a script kiddie, but everyone knows to never download hacking tools from a P2P network, right? You should always use extreme caution if you dare to download and execute a program from a P2P network. Common sense will protect you from this worm.

mstfyd: once again man - [/FONT][/SIZE][/I][/B][/COLOR] I don't mean to be a smartass, but adding that to the end of your post will make it look a lot better.

deepblue

__________________


"THEY WHO WOULD GIVE UP AN ESSENTIAL LIBERTY FOR TEMPORARY SECURITY, DESERVE NEITHER LIBERTY OR SECURITY."
--Benjamin Franklin

pfft! Norton Antivirus caught this in mid-download, so it never completed. However, I have been caught once by spamware which flew below Norton's radar, and later was caught by Ad Aware (not AA's fault, I thought that permission was being asked for something legit & granted it). Now, it's no more decisions on the sleep-deprivation diet . No way am I a programmer; although I briefly went to a programming blender school (mix 'em up, churn 'em out, dump the dregs, take the $), as a programmer, I make an excellent coffee cocktail

Why on earth are you pulling up old threads this is the second thread today thats not the way to increase your post tally lol...

Kazaa pfft. one of the worst filing sharing apps out there no wonder why some of you noobs have no clue how to download from Gnutella.

You might want to run only one file sharing app, its any wonder how you computer isnt totally infested with spyware by now.


and I know its an old thread.

kazaa is still a big network, it just comes with alot adware does ads cant fight with the biggest network

Every P2P network has a lot of spyware/adware/malware. Get used to it. Use some common sense and it shouldn't be a problem.

deepblue

__________________


"THEY WHO WOULD GIVE UP AN ESSENTIAL LIBERTY FOR TEMPORARY SECURITY, DESERVE NEITHER LIBERTY OR SECURITY."
--Benjamin Franklin