Aliases: Net-Worm.Win32.AllocUp.a, W32/Allocu-A, BKDR_ROBOBOT.AD, Flooder.Boxed, Worm/Robobot, DDoS-Boxed, Net-Worm.Win32.AllocUp.c, Win32.Worm.Dedler.AM, W32/Dedler.AM.worm
Category: Computer Worm
Active & Spreading
Asia, North and South America
04 Apr 2005
W32.AllocUp.A is a network-aware worm that opens an unsecured backdoor on random TCP ports of the compromised computer system. It also exploits certain vulnerabilities in the operating system's Local Security Authority Service, causing a buffer overflow.
More details about W32.AllocUp.A
W32.AllocUp.A allegedly exploits certain vulnerabilities in the operating system's Local Security Authority Service, causing a buffer overflow. It extracts the file msveup.exe into the System folder of the Windows directory; this file is the malware's main executable. A corresponding Windows Registry key is created for the executable so that the malware loads automatically at system startup. W32.AllocUp.A also disables various services and processes associated with security programs and protocols. Protection mechanisms are terminated without the user's knowledge, which leaves a false sense of security. When W32.AllocUp.A opens the backdoor, it automatically sends a notification to the attacker. This alert signals to the malicious author that the compromised computer system is ready to receive remote commands.
Once the alert has been received, the Web browser is automatically launched and connects to the doalloc.com, rpcset.com, upalloc.com, and nevertest.com domains, from which multiple copies of readme001.txt are downloaded to the machine. The text file contains a list of further websites from which W32.AllocUp.A can download and execute additional malicious code, so the infected machine becomes a store for more malicious routines. Once W32.AllocUp.A starts the download routine, it simultaneously scans for available unprotected network shares by exploiting the operating system's Local Security Authority Service.
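
As an added example (not part of the original description), the following Python code checks web proxy log lines for requests to the four domains and the readme001.txt file named above. The log layout, the sample lines and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the description above.
DOMAINS = {"doalloc.com", "rpcset.com", "upalloc.com", "nevertest.com"}
LIST_FILE = "readme001.txt"

# Constructed sample lines; assumed layout: <timestamp> <client_ip> <method> <url>
SAMPLE_LOG = [
    "2005-04-05T10:01:02 10.0.0.5 GET http://upalloc.com/readme001.txt",
    "2005-04-05T10:01:03 10.0.0.5 GET http://www.doalloc.com/readme001.txt",
    "2005-04-05T10:02:00 10.0.0.7 GET http://notupalloc.example/index.html",
    "2005-04-05T10:02:05 10.0.0.8 GET http://upalloc.com.example.org/readme001.txt",
    "2005-04-05T10:03:00 10.0.0.9 GET http://NEVERTEST.com./",
]

def normalize(host):
    """Lower-case the host and drop a trailing root dot."""
    return host.lower().rstrip(".")

def host_matches(host):
    """True for a listed domain or any subdomain of it, not for look-alikes."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in DOMAINS)

def scan_proxy_log(lines):
    """Return (client_ip, host, reason) for each request that hits an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip
        client, url = fields[1], fields[3]
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = normalize(parts.hostname or "")
        if not host_matches(host):
            continue
        name = parts.path.rsplit("/", 1)[-1].lower()
        reason = "list-file fetch" if name == LIST_FILE else "domain contact"
        hits.append((client, host, reason))
    return hits

def clients_to_triage(hits):
    """Unique client addresses that produced at least one hit."""
    return sorted({client for client, _, _ in hits})

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
```

Matching on the full host label boundary keeps look-alike names such as `upalloc.com.example.org` out of the results.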