Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Windows & Hardware Tips
Information On Viruses
Miscellaneous

virus file

VIRUS NAME : W32/Benjamin.worm

VIRUS NAME : W32/Benjamin.worm

Internet Worm Characteristics

This threat is considered a Low-Profiled risk as it is not wide-spread and has gotten media attention.

When this worm is run, it copies itself to %WINDIR%\SYSTEM\EXPLORER.SCR, where %WINDIR% is the directory Windows is installed in. Then it adds the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ Run\SystemService=%WINDIR%\SYSTEM\EXPLORER.SCR

To spread, the worm requires that the Kazaa software is installed on the machine. It creates a directory called %WINDIR%\TEMP\SYS32, and changes the Kazaa settings so that remote users can download from this directory. Then it copies itself to that directory under many different names which other users may search for. The size of these files can vary since the worm pads them with garbage bytes. This method of spreading is comparable to the VBS/GWV worm.

Symptoms

Presence of EXPLORER.SCR and registry key pointing to it.
Presence of %WINDIR%\TEMP\SYS32 and many files inside.

Method Of Infection

Since this worm offers itself over the Kazaa network under names that users may find tempting, users who are not infected may download and run the worm from infected machines, and thus spread the worm themselves.

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.