W32.Lecna.A
Aliases: W32/Lecna.A Worm
Variants: W32.Lecna.H, W32.Lecna.C
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 31 May 2006
Damage: Medium
Characteristics: W32.Lecna.A is a worm. It spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011). The worm opens a backdoor and downloads remote files. It also uses a rootkit to hide its presence on the infected computer.
W32.Lecna.A Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Lecna.A from your computer.
More details about W32.Lecna.A
When the worm W32.Lecna.A is executed, it creates the following files: explore.exe, MiniPCI.sys (a rootkit component), and DriverNum.dat. It also adds and modifies registry values to ensure that it runs at every Windows startup. The worm hides itself on the infected system by installing a rootkit driver named MiniPCI0. It even hides the real Internet Explorer process. It contacts certain websites and downloads the files netscv.exe, netsvcs.exe, and netsvc.exe. It also downloads updates to itself. Next, the worm opens a backdoor on the infected computer that allows an attacker to list, delete, download, and execute files. The backdoor also allows the attacker to list and end processes, enumerate network computers, exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability, and connect to the attacker's computer and transfer data using HTTP commands.
The W32.Lecna software may enter the system when the user downloads certain freeware applications. Freeware products may contain advertising components to earn revenue for the developer. Online advertisers use them to deliver marketing content straight to the end user. The End User License Agreement (EULA) may state that users will receive advertisements in exchange for free use of the program. Downloader applications can also spread the advertising software. The program may place its files in a number of hidden folders. The exact location commonly varies for each installation, and random file names are also used, which helps the software evade detection. The processes are added to the system registry so they can run at startup.