2090 Virus

2090 Virus is a computer worm that may cause critical damage to a computer system. It has been in the wild since February 7th, 2009 (KST). It is detected as Win32/AimBot.worm.15872 (in AhnLab Inc products) and Trojan.Win32.Crypt.15872.B (in Hauri products).
Symptoms
The virus changes the system date to 10:00 AM, January 1st, 2090, and the date cannot be reset. It creates several types of files in the Windows System folder, each named with a random number; some of them are apparently downloaded from "wpaxxxx.amenworld.com". After a reboot, it runs by way of an entry it registers under the userinit.exe registry setting. Infected systems may run slower and show general instability. On Windows XP Service Pack 3 systems, there may be additional instabilities related to the system logon process.
It automatically creates the files "autorun.inf" and "explorer.exe" on USB storage devices so that it can spread to other computers. It also propagates by copying itself to shared network folders, by exploiting the RPC DCOM (MS03-039) and MS08-067 vulnerabilities, or through Internet Relay Chat. It scans TCP port 445 and sends exploit code to unpatched PCs using the MS08-067 vulnerability. Its constant scanning of TCP port 445 and the ICMP ping messages it sends throughout the network may overload the network.
According to Inca Internet Co., a Korean anti-virus company, the virus does not infect any files. That is, this virus never spreads itself through users' downloaded files.
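The symptoms above can be turned into a small triage check. This is an added example, not code from any anti-virus vendor named on this page. It assumes the "userinit.exe registry" entry is the Winlogon Userinit value, and that the caller has already read that value, the root listing of a USB drive, and the system year; all sample values are constructed.

```python
import ntpath

# Constructed sample values (not taken from a real infection).
CLEAN_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
SAMPLE_USERINIT = r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\48213.exe"
SAMPLE_USB_ROOT = ["AUTORUN.INF", "explorer.exe", "photos"]


def extra_userinit_entries(value):
    """Return Userinit entries other than System32's userinit.exe."""
    extras = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        folder, name = ntpath.split(entry.lower())
        # Assumption: a stock value launches only System32\userinit.exe.
        if name == "userinit.exe" and folder.endswith("\\system32"):
            continue
        extras.append(entry)
    return extras


def has_numeric_name(entry):
    """True when the file name (without extension) is only digits."""
    return ntpath.splitext(ntpath.basename(entry))[0].isdigit()


def usb_root_hits(root_listing):
    """Return which of the two dropped file names sit in a drive root."""
    names = {n.lower() for n in root_listing}
    return sorted(names & {"autorun.inf", "explorer.exe"})


def triage(userinit_value, usb_root_listing, system_year):
    """Collect findings that match the symptoms described on this page."""
    findings = []
    for entry in extra_userinit_entries(userinit_value):
        kind = "numeric file name" if has_numeric_name(entry) else "unexpected entry"
        findings.append(f"Userinit {kind}: {entry}")
    if len(usb_root_hits(usb_root_listing)) == 2:
        findings.append("USB root holds autorun.inf and explorer.exe")
    if system_year == 2090:
        findings.append("system clock reads 2090")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_USERINIT, SAMPLE_USB_ROOT, 2090):
        print(line)
```

A match on any single finding is only a lead for further inspection with anti-virus software, since other software can also add Userinit entries or place these file names on a drive.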
Prevention
* Blocking TCP ports 139 and 445
* Installing patches KB824146 (MS03-039) and KB958644 (MS08-067)
* Using anti-virus software with up-to-date virus definitions, and a firewall
* Enabling the real-time intrusion detection feature of anti-virus software
* Disabling the Autorun function for USB storage devices
Removal
As with most viruses, it should be possible to remove this virus with anti-virus software or with removal tools made specifically for 2090 Virus. According to AhnLab Inc, if a system cannot boot or log on, you may use the Microsoft Windows installation disc or an emergency boot disk distributed by anti-virus companies to recover the system.
 