Win32/Mocalo, W32/Kmax, Win32.HLLM.Graz, W32.Feebs, JS/Feebs
Variants: [email protected]
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
07 Jan 2006
W32.Feebs is a worm that spreads itself through mass-mailing in the compromised computer’s file-sharing networks. It lowers the security settings on the compromised computer. This worm was first seen on December 22, 2005. Once it is executed, it creates certain registry entries so that it runs every time Windows starts. The worm spreads through email and P2P software or what is known as peer to peer sharing networks. It drops HTML application file. As it touches down the computer, it searches for C to Z drives and copies itself to folders containing the string "share", "upload" or "sharing”. This allows the worm to propagate using file sharing networks like Kazaa and imesh. It also attempts to kill security programs in the infected system. This also has backdoor abilities and it opens HTTP port 80. It allows hackers to upload and steal files from the infected computer. Using an FTP remote server, this worm may steal private information from the compromised computer.
W32.Feebs Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Feebs from your computer.
More details about W32.Feebs
This worm also searches for the folders containing the string share. When the worm is successful, it will add these following files on the compromised computer: ”3dsmax_9_(3D_Studio_Max)_new!_full+crack.zip,”Microsoft_Office_2006_new!_full+crack.zip,”ACDSee_9_new!_full+crack.zip,”Adobe_Premiere_9_(2.0_pro)_new!_full+crack.zip ,”Adobe_Photoshop_10_(CS3)_new!_full+crack.zip DivX_7.0_new!_full+crack.zip,“Ahead_Nero_8_new!_full+crack.zip ICQ_2006_new!_full+crack.zip.”Kazaa_4_new!_full+crack.zip,”Internet_Explorer_7_new!_full+crack.zip,”Longhorn_new!_full+crack.zip” and “winamp_5.2_new!_full+crack.zip.” It also adds an encoded file “userinit.exe.”