Effects:
ShellScrap.Worm deletes the Windows Registry editor (REGEDIT.EXE). However, it does not permanently delete it; it moves it to the Recycle Bin.
Infection method:
ShellScrap.Worm creates the following files:
- SCRIPT.INI. This file is created in the folder in which the mIRC application is installed, when ShellScrap.Worm spreads via chat channels.
- EVENTS.INI. This file is created in the folder in which the PIRCH application is installed, when ShellScrap.Worm spreads via chat channels. The aim of the files SCRIPT.INI and EVENTS.INI is to spread to other systems connected to the chat channel, through the file LIFE_STAGES.TXT.SHS. The addresses to which the chat programs (DCC) directly connect using Sockets (devices that transport data in a network) are hidden in these files.
- MSINFO16.TBL, in the Windows directory.
- SCANREG.VBS and VBASET.OLB in the Windows system directory.
- DBINDEX.VBS, MSRCYCLD.DAT and RCYCLDBN.DAT in the Recycle Bin.
- Files without predefined names. These are generated using random letters. Some of these file names are similar to those in the list below (the * must be replaced by a group of letters that the worm adds at random):
  IMPORTANT*.TXT.SHS
  REPORT*.TXT.SHS
  SECRET*.TXT.SHS
  INFO*.TXT.SHS
  UNKNOWN*.TXT.SHS
ShellScrap.Worm creates the following entry in the Windows Registry:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
This entry points to the file SCANREG.VBS in the Windows system directory.
ShellScrap.Worm also uses the following techniques:
- Encryption. This technique makes it more difficult to detect and study the worm. It uses the same encryption technique as the VBS/Zulu virus.
- Stealth. This technique involves using files with an SHS extension. It exploits an error that prevents this type of file from being displayed.
- In order to make it difficult to delete this worm, it also moves the Windows Registry editor (REGEDIT.EXE) to the Recycle Bin. It will appear in the Recycle Bin with the name RECYCLED.VXD.
- The file that carries the worm (LIFE_STAGES.TXT.SHS) passes itself off as a text file, with a TXT extension, whereas it is actually a VBS file (Visual Basic Script).
- If the word processing application Word is installed, it uses the Fast Find option to look for files and use their names. If Word isn't installed, ShellScrap.Worm uses a different method: it looks for a file with any name but with the same size as the worm.
Then, it creates several copies of itself under different names in different parts of the hard disk. The aim of this action is to prevent the worm from disappearing if the user deletes it manually. If this happens, the copy will be replaced immediately.
Propagation method:
ShellScrap.Worm spreads via e-mail, IRC chat channels and across networks.
1.- Transmission via e-mail. ShellScrap.Worm follows the routine below:
- It reaches the computer in an e-mail message with the following characteristics:
  Subject: one of the following:
    Fw: Life Stages text
    Fw: Funny text
    Fw: Jokes text
    Life Stages text
    Funny text
    Jokes text
    Fw: Life Stages
    Fw: Funny
    Fw: Jokes
    Life Stages
    Funny
    Jokes
  Message: The male and female stages of life Bye.
  Attachments: LIFE_STAGES.TXT.SHS.
- Once the attached file is run, the computer is affected.
- ShellScrap.Worm sends itself out. It checks if Outlook's Address Book contains 101 e-mail addresses. If it has fewer than 101, it sends itself to all of them, and if it has more than 101, it selects 100 at random and sends itself to them.
2.- Transmission via IRC.
- ShellScrap.Worm sends itself out via chat provided that programs like mIRC or PIRCH are installed on the affected computer.
- ShellScrap.Worm waits for the user to connect to a chat channel (IRC) and sends the LIFE_STAGES.TXT.SHS file to all the users connected to that channel at that moment.
3.- Transmission across networks.
- ShellScrap.Worm looks for the WINDOWS directory of all the network drives (even in paths that are not mapped) and copies itself to them.
- If the WINDOWS directory does not exist, ShellScrap.Worm creates a copy of itself (under a random name) in every accessible disk in the network.
Other details:
ShellScrap.Worm is written in the programming language Visual Basic Script.
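Added example (not part of the original description): a Python triage function that checks Windows paths from a file inventory against the file names listed in this description. The sample paths, the severity labels and the RECYCLED folder name for the Recycle Bin are assumptions made for illustration; a name match alone is a lead to investigate, not proof of infection.

```python
import ntpath
import re

# Fixed file names the description says the worm creates or carries.
DROPPED = {"MSINFO16.TBL", "SCANREG.VBS", "VBASET.OLB", "DBINDEX.VBS",
           "MSRCYCLD.DAT", "RCYCLDBN.DAT", "LIFE_STAGES.TXT.SHS"}
# Copies with a random group of letters: IMPORTANT*.TXT.SHS, REPORT*.TXT.SHS, ...
RANDOM_COPY = re.compile(r"^(IMPORTANT|REPORT|SECRET|INFO|UNKNOWN)[A-Z]+\.TXT\.SHS$")
# mIRC/PIRCH normally use script files with these names, so they only get a review flag.
CHAT_SCRIPTS = {"SCRIPT.INI", "EVENTS.INI"}

def classify(path):
    """Return (severity, reason) for one Windows path, or None if nothing matches."""
    name = ntpath.basename(path).upper()
    parent = ntpath.basename(ntpath.dirname(path)).upper()
    # Assumption: the Recycle Bin folder is named RECYCLED on the inventoried drive.
    if name == "RECYCLED.VXD" and parent == "RECYCLED":
        return ("high", "REGEDIT.EXE moved to the Recycle Bin as RECYCLED.VXD")
    if name in DROPPED:
        return ("high", "file name created by the worm")
    if RANDOM_COPY.match(name):
        return ("high", "random-letter copy pattern *.TXT.SHS")
    if name.endswith(".SHS") and name.count(".") >= 2:
        return ("medium", "double extension ending in .SHS")
    if name in CHAT_SCRIPTS:
        return ("review", "chat script file; inspect for sends of LIFE_STAGES.TXT.SHS")
    return None

def triage(paths):
    """Map each flagged path to its (severity, reason)."""
    return {p: hit for p in paths if (hit := classify(p))}

# Constructed inventory lines for demonstration, not real telemetry.
SAMPLE = [
    r"C:\WINDOWS\SYSTEM\SCANREG.VBS",
    r"C:\RECYCLED\RECYCLED.VXD",
    r"D:\SHARE\REPORTQXKZ.TXT.SHS",
    r"C:\MIRC\SCRIPT.INI",
    r"C:\My Documents\notes.txt.shs",
    r"C:\WINDOWS\REGEDIT.EXE",
]

if __name__ == "__main__":
    for path, (severity, reason) in triage(SAMPLE).items():
        print(f"{severity:6} {path}  ({reason})")
```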