W32.Ceted
Aliases: N/A for W32.Ceted
Variants: N/A for W32.Ceted
Classification: Malware
Category: Computer Worm
Status: active
Spreading: Low
Geographical info: Low
Removal: Easy
Platform: W32
Discovered: 09 Jan 2008
Damage: low
Characteristics: This is also classified as a backdoor worm. It is said that W32.ceted is a computer worm that attempts to decrease the security level of someone's computer.
W32.Ceted Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Ceted from your computer.
More details about W32.Ceted
Consequently creating various files on your system and attempting to copy itself on other computers shared to your network, this virus or worm affects Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP. This virus usually spreads to the network that shares and allows trackers to gain full access and more importantly control in the computer. When the worm is executed, it creates the following files and gives them system, hidden, and read-only attributes: %SystemDrive%\ntdetec1\ntdetec1.exe, %SystemDrive%\ntdetec1\cmrss.exe, %SystemDrive%\ntdetec1\run.exe, %SystemDrive%\ntdetec1\shell32.exe, %SystemDrive%\ntdetec1\drivelist.txt, %SystemDrive%\ntdetec1\child\autorun.inf, and %SystemDrive%\ntdetec1\child\ntdetec1.exe. Indications of infections include duplication or replication of files and sharing of all the files to all shared and removable drives on the compromised computer.It is also known that the worm monitors all new processes created. If the window title of any process contains one of the following strings, the worm will close that window of Windows Task Manager and Process explorer. Another factor known is that the worm attempts to redirect Google searches to customized search results using the URL. This is the example of the URL,http://www.google.com/custom?hl=en&client=pub-2141221394801249&channel=7215448870&cof=FORID 3A1 3BGL 3A1 3BLBGC 3A336699 3BLC 3A 230000ff 3BVLC 3A 23663399 3BGFNT 3A 230000ff 3BGIMP 3A 230000ff 3BDIV 3A 23336699 3B&ie=ISO-8859-1&oe=ISO-8859-1&q=[ORIGINAL QUERY]. The worm then will restart the computer if the cmrss.exe process is ended.
Browse for more malware information
- W32.Ceted
- W32.Chaim
- W32.Check.Mirc
- W32.Chiko
- W32.Chir.B@mm
- W32.Chod.B@mm
- W32.Choke.Worm
- W32.Cianam.Worm
- W32.Ciosor
- W32.Cissi.A@mm
- W32.Clunk.A
- W32.Collo
- W32.Condown.A
- W32.Cone.B@mm
- W32.Conedi.Worm
- W32.Culler.A
- W32.Cycle
- W32.Dabber.A
- W32.Dafet.A
- W32.Dalbug.Worm
- W32.Danber
- W32.Darby.B
- W32.Darjen
- W32.Darker.Worm
- W32.Dasher.A
- W32.Datom.Worm
- W32.Dawin
- W32.Debanpass
- W32.Debsis.A
- W32.Dedler.Worm
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.