Aliases: Exploit-MS04-011.gen, W32/Wort-D, BKDR_WORTBOT.A, TR/Expl.DcomRpc, Exploit.MS04-011, Win32.Wort.D, Bck/WortBot.E, Win32/Wortbot.C
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
26 Aug 2004
The W32.Scane program is a worm that tries to propagate by exploiting the MS Windows LSASS Buffer Overrun Vulnerability.
W32.Scane Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
More details about W32.Scane
When the W32.Scane worm runs, it may copy itself to "%System%\servicec.exe". Note that %System% is a variable that refers to the system folder. By default, this is "C:\Windows\System32" (Windows XP) or "C:\Winnt\System32" (Windows NT/2000). The worm then adds values to a registry key so that it runs whenever Windows starts. W32.Scane creates many threads that try to connect to a block of Internet Protocol addresses, using the MS Windows LSASS Buffer Overrun Vulnerability on TCP port 445. When this is done, the remote system tries to retrieve a copy of W32.Scane from the infecting host.
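The multi-threaded sweep of an address block on TCP port 445 described above shows up in connection logs as one source reaching many distinct hosts in a short time. The following detection sketch is an added example, not part of the original write-up; the log format, the sample lines, the 60-second window and the threshold of 20 hosts are all assumptions to adapt to your own telemetry.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (format is an assumption):
# ISO timestamp, source IP, destination IP, destination port, protocol
SAMPLE_LOG = "\n".join(
    [f"2004-08-26T10:00:{i:02d} 10.0.0.23 192.0.2.{i + 1} 445 tcp" for i in range(30)]
    + [
        "2004-08-26T10:00:05 10.0.0.7 10.0.0.2 445 tcp",    # normal file-server use
        "2004-08-26T10:00:09 10.0.0.7 10.0.0.2 445 tcp",
        "2004-08-26T10:00:12 10.0.0.7 198.51.100.8 80 tcp",  # unrelated web traffic
    ]
)

def parse(line):
    """Split one log line into typed fields; malformed addresses raise ValueError."""
    ts, src, dst, port, proto = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), int(port), proto.lower())

def smb_fanout(log_text, window=timedelta(seconds=60), threshold=20):
    """Return {source: peak count of distinct TCP/445 destinations in any
    sliding window} for every source whose peak reaches `threshold`."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = parse(line)
        if port == 445 and proto == "tcp":
            events[str(src)].append((ts, dst))
    flagged = {}
    for src, conns in events.items():
        conns.sort(key=lambda c: c[0])           # order by timestamp only
        start, best = 0, 0
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > window:
                start += 1                       # drop events older than the window
            best = max(best, len({d for _, d in conns[start:end + 1]}))
        if best >= threshold:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, count in smb_fanout(SAMPLE_LOG).items():
        print(f"{src}: {count} distinct hosts on TCP 445 within the window")
```

A host flagged this way is a candidate for the file and autorun checks implied by the description above (a "servicec.exe" in the system folder that starts with Windows).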
Reports claim that the W32.Scane program enables a hacker to control a computer from a remote location and perform various actions on it. With the program, the hacker can change the system registry, modify files, log keystrokes, download and execute code, and perform Denial of Service (DoS) attacks. Like other malware, W32.Scane is installed by taking advantage of gaps in the computer's security settings. It is typically installed without user interaction or consent. It usually arrives as an email attachment, especially one from an unknown sender.