W32.Reatle@mm
Aliases: CME-875, Win32.Reatle.A, Lebreat, Net-Worm.Win32.Lebreat.gen, W32/Reatle.gen@MM, W32/Lebreat-A
Variants: W32.Reatle.A@mm, W32.Reatle.B@mm, W32.Reatle.C@mm
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: North America
Removal: Easy
Platform: W32
Discovered: 15 Jul 2005
Damage: Medium
Characteristics: W32.Reatle@mm is a mass-mailer and a network worm. Shortly after the first version, 2 more variants appeared. The worm also has a backdoor, a Trojan downloader and DoS (Denial of Service) attack capabilities. It is a slow infector, but inflicts medium damage to the infected computer.
W32.Reatle@mm Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Reatle@mm from your computer.
More details about W32.Reatle@mm
When W32.Reatle@mm is executed, it copies itself as the following files: ccapp.exe, Windows.exe, and attach.tmp. It modifies the registry so that it loads at every startup. It also modifies the registry to disable several Windows security features, System Restore, Task Manager, and Registry Tools.
It gathers email addresses from files with the following extensions: .asp, .txt, .adb, .tbb, .dbx, .html, .htm, and .wab, and stores them in the file xzy6.tmp. The worm uses its own SMTP engine to send itself to the email addresses that it finds. It opens an FTP server on TCP port 8885 and attempts to connect to a random range of IP addresses on TCP port 445. It downloads itself onto the newly infected computer if a successful connection is made.
The W32.Reatle@mm application connects to a remote server. This server is commonly hard-coded in the program and may be specified using a web or IP address. The backdoor software then waits for commands to execute on the infected system. This program can manipulate the files in the system, including both data and system files: they can be edited, moved, or deleted. Installed programs can be launched or closed without the user's consent. The CD drives may open and close unexpectedly. Other malware applications can be added to the system, including adware, spyware, and Trojan software.
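The host indicators described above (dropped file names, the FTP listener on TCP 8885, and connection attempts to many addresses on TCP 445) can be correlated per host during triage. The following is an added example, not part of the original write-up; the input tuple layout, the fan-out threshold, and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
DROPPED_NAMES = {"ccapp.exe", "windows.exe", "attach.tmp", "xzy6.tmp"}
FTP_LISTEN_PORT = 8885      # worm's FTP server
SMB_PORT = 445              # target port of the random-range connection attempts
FANOUT_THRESHOLD = 20       # assumption: distinct peers before flagging as scanning


def triage(file_paths, connections, fanout=FANOUT_THRESHOLD):
    """Return {host: sorted list of findings}.
    file_paths:  iterable of (host, windows_path)
    connections: iterable of (host, state, local_port, remote_ip, remote_port)
    """
    findings = defaultdict(set)
    smb_peers = defaultdict(set)

    for host, path in file_paths:
        name = PureWindowsPath(path).name.lower()   # case-insensitive name match
        if name in DROPPED_NAMES:
            findings[host].add(f"file:{name}")

    for host, state, lport, rip, rport in connections:
        if state == "LISTEN" and lport == FTP_LISTEN_PORT:
            findings[host].add(f"listen:{FTP_LISTEN_PORT}")
        elif rport == SMB_PORT and state in ("SYN_SENT", "ESTABLISHED"):
            smb_peers[host].add(rip)                # count distinct peers only

    for host, peers in smb_peers.items():
        if len(peers) >= fanout:
            findings[host].add(f"smb-fanout:{len(peers)}")

    return {h: sorted(f) for h, f in findings.items()}


# Constructed sample data (hypothetical hosts and paths, documentation IP ranges).
SAMPLE_FILES = [
    ("ws-01", r"C:\sample\Windows.exe"),
    ("ws-01", r"C:\sample\xzy6.tmp"),
    ("ws-02", r"C:\sample\readme.txt"),
]
SAMPLE_CONNS = [("ws-01", "LISTEN", 8885, "0.0.0.0", 0)]
SAMPLE_CONNS += [("ws-01", "SYN_SENT", 1025 + i, f"198.51.100.{i}", 445) for i in range(1, 26)]
SAMPLE_CONNS += [("ws-02", "ESTABLISHED", 3001, "192.0.2.10", 445)]

if __name__ == "__main__":
    for host, hits in triage(SAMPLE_FILES, SAMPLE_CONNS).items():
        print(host, hits)
```

A file-name hit alone is weak evidence: ccapp.exe is also the name of a legitimate Symantec process, so treat a host as suspect only when a name match coincides with the 8885 listener or the port 445 fan-out.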