Fix PC Errors in Minutes
If you have win32 /pushbot.gen installed on your PC, this blog post might help you fix it. Worm:Win32/Pushbot.gen is a functional network worm that infects a course and then tries to replicate in all existing networks. Worm:Win32/Pushbot.gen generates telephone traffic and illegally downloads unknown MP3 files from the Internet.
Worm:Win32/Pushbot.gen!C is a versatile worm detection tool capable of spreading via MSN Messenger and/or AOL Instant Messenger. It also contains a feature entry that allows unauthorized access to any affected system.
When launched, Worm:Win32/Pushbot.gen!C copies itself into each of our Windows folders and uses different file descriptors, such as the following:
It creates View-Only, Hidden, and System attributes for this copy. It also turns the registry into a runtime copy every time you start Windows, like so:
This worm canBe ordered from the marketplace for distribution via MSN Messenger or AOL Instant Messenger by a remote attacker using the worm’s backdoor attributes (see payload below for details). It may be tasked with sending instant messages with a compressed copy linked to itself, or finally it may be tasked with sending instant messages containing URLs pointing to any type of remotely hosted copy of itself. It sends the perfect message to all user calls.
The filename you see, the ZIP archive, the URL of the remote copy, I would say, and the messages sent by the element are all variable and can be provided remotely, like an IRC backdoor. Variants of Pushbot masquerading as logo files have often been observed in the wild.
Some variants of Worm:Win32/Pushbot!C can also transfer the copy itself to removable hard drives (other than A: or B:, a type of USB stick). They are located differently in folders such as RECYCLERS-1-6-21-2434476501-1644491937-600003330-1213 or icefire with a Desktop.ini file. ‘ the front root of the disk, parts of which report to the running corporate system, The folder should automatically show up as a trash can. They also place a file called autorun.inf in the root directory of the drive, which specifies that the copied archive should run when the path is included and autorun is enabled.
Worm:Win32/Pushbot.gen!C attempts to connect to IRC servers on other TCP ports, connects to a channel, or listens for commands. With this entry, an attacker can easily perform the following actions on an affected system:
- Distribution method MSN Messenger or AOL Messenger moment < /li>
- Stop distribution
- Download and add any part of files
Some employeesIRCs are known to correlate:
- 120. Powerful hack. com
Some variants of Worm:Win32/Pushbot.gen!C can simultaneously execute one or more of the following additional events through their backdoor function:
- Participating in Distributed Denial of Service (DDoS) . Attacks
- Try to exit processes by filename< / whether>