I am certain that nobody wants a slow computer, lost data, or private information leaking to websites. What bewilders me is the sheer number of viruses that regularly harass users during their daily browsing of the Internet.
This time the potential security risk, sys32dll.exe, also known as the aimdes.b worm, is setting off alarms. To help you understand and recognize this particular virus, let's look at the symptoms of the worm and what it does once the aimdes.b worm is on your system.
It should be stressed that the aimdes.b worm is a virus that aims to exploit a serious vulnerability, which may lead to severe damage to your system. A simple worm that propagates via AOL Instant Messenger, W32.Aimdes.B attempts to disable various system utilities and turns off security notifications.
| Field | Value |
|---|---|
| Also Known As: | IM-Worm.Win32.Aimes.b, Worm_Aimides.B, TrojWare.Win32.Trojan.Agent.Gen, W32.Aimdes.C@mm |
| Systems Affected: | Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP |
During the execution the worm performs the following actions:
1. It creates the following files:
- %UserProfile%\Start Menu\Programs\Startup\Norton.exe
Note: %UserProfile% is a variable pointing to the current user's profile folder. By default, this is C:\Documents and Settings\ (Windows NT/2000/XP). %Windir% is a variable referring to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
2. The aimdes.b worm adds one of the following values:
"sys32dll" = "%Windir%\sys32dll.exe"
"MsVBdll" = "%Windir%\sys32dll.exe"
to the registry key:
3. Also, it adds the following registry entries:
"FirewallDisableNotify" = "1"
"UpdatesDisableNotify" = "1"
"AntiVirusDisableNotify" = "1"
to the following registry keys:
This is an attempt to disable firewall and antivirus notifications as well as the update status, through the Windows Security Center.
4. Then, the worm adds the following registry entries:
"DisableTaskMgr" = "1"
"DisableRegistryTools" = "1"
to the registry key:
to disable access to the Windows Task Manager as well as registry editing tools.
5. Adds the registry entry:
"NoAutoUpdate" = "1"
to the registry key:
to disable automatic Windows Updates.
6. After that it will delete the following registry value:
"Windows" = "Auto Update.exe"
if detected at the specified location:
7. It sends keystrokes to open AOL Instant Messenger windows, causing the following message to be sent:
"Hey I went to a wild party last week! check out the pics!!!!"
8. The worm attempts to terminate the following processes:
Remember all the threat symptoms stated above in order to identify and avoid the aimdes.b worm.
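The registry changes in steps 2 to 6 are the most reliable things to check for, because they survive a reboot and are easy to export with Registry Editor (File > Export). The script below is an added example, not code from the original post: it reads a .reg export as text and flags the value names and data listed above. The sample export is constructed for the example, and the key paths in it (the Run key, the Security Center key and the Policies\System key) are the standard Windows locations for these values, which is an assumption on my part since the write-up does not name the keys; the matching itself is done on value names and data so it does not depend on those paths.

```python
"""Scan an exported Windows registry (.reg) file for the values the
W32.Aimdes.B write-up lists. Added example, not from the original post."""
import re

# Autostart value names from the write-up; their data points at sys32dll.exe.
RUN_VALUE_NAMES = {"sys32dll", "MsVBdll"}

# Policy/notification values from the write-up, with the data the worm sets.
TAMPER_VALUES = {
    "FirewallDisableNotify": "1",
    "UpdatesDisableNotify": "1",
    "AntiVirusDisableNotify": "1",
    "DisableTaskMgr": "1",
    "DisableRegistryTools": "1",
    "NoAutoUpdate": "1",
}


def parse_reg(text):
    """Return a list of (key_path, value_name, data) tuples from .reg text.

    Handles the two value types that matter here: REG_SZ ("text", with
    backslashes doubled) and REG_DWORD (dword:XXXXXXXX in hex).
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # new key section
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and key is not None:
            name, data = m.group(1), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # REG_SZ, unescape
            elif data.lower().startswith("dword:"):
                data = str(int(data[6:], 16))  # REG_DWORD, hex -> decimal string
            entries.append((key, name, data))
    return entries


def find_aimdes_indicators(reg_text):
    """Return (key, name, data, reason) for every entry matching the write-up."""
    findings = []
    for key, name, data in parse_reg(reg_text):
        if name in RUN_VALUE_NAMES and data.lower().endswith("sys32dll.exe"):
            findings.append((key, name, data, "autostart entry for sys32dll.exe"))
        elif name in TAMPER_VALUES and data == TAMPER_VALUES[name]:
            findings.append((key, name, data, "security notification or tool disabled"))
    return findings


# Constructed sample export (not a real capture). Key paths are assumed
# standard locations, not taken from the write-up. ctfmon is a benign entry.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"sys32dll"="C:\\Windows\\sys32dll.exe"
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"""

if __name__ == "__main__":
    for key, name, data, reason in find_aimdes_indicators(SAMPLE_REG):
        print(f"{reason}: [{key}] {name} = {data}")
```

Run it against your own export by replacing SAMPLE_REG with the contents of the file; a machine with none of these values set produces no output. A value such as AntiVirusDisableNotify set to 0 is the normal state and is deliberately not reported.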