We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.

Close

Atención al Cliente de BullGuard

Estamos aquí para ayudarle 24 horas al día, 7 días a la semana


Envíenos una pregunta por correo electrónico y le contestaremos dentro de 48 horas.


 

 

How to remove Worm.Allaple.A



THREAT NAME

Worm.Allaple.A

 

 

CLEAN INSTRUCTION

1. Go to Start, Run type services.msc and click on OK.


2. Locate the entry called Network Windows Service.


3. Right-click it and select Properties. In the new window you will see a textbox called Path to executable ( e.q. C:\Windows\system32\urdxvc.exe ).

4. Press the Stop button in order to stop the malicious service.


5. Now open Windows Explorer ( Start > All Programs > Accessories ), locate the infected file and delete it.


6. Run a full scan with BullGuard.



SYMPTOMS

1. Increased network traffic.


2. Presence of a service called Network Windows Service.


3. When you open local .html pages, if you have Internet Explorer 7.0 you receive a notification that says "Internet

Explorer has restricted this webpage from running scripts or ActiveX controls".



DESCRIPTION

1. The worm uses a polymorphic encryption in order to make detection harder. There are several decryption layers

that are used in order to get access to the code of the worm.


2. The worm will copy itself in the Windows system directory.


3. It will create a process from the copied file and it will instruct it to create a service in order to run when

the computer starts.


4. The service will create serveral threads that will do the following:


- Look for .htm and .html files. When one is found, it will search for the <  HTML  > tag

and will add a reference to its CLSID right after it.


- Try to get access to computers from the LAN by various techniques, including a dictionary attack that

uses a predefined lists of passwords.


- It does a Denial Of Service Attack on 3 websites located in Estonia (www.starman.ee, online.if.ee, www.if.ee).



Author:
The BullGuard Team



00: 00: 00: 00
Dias Horas Minutos Segundos
Close