Members
Stats
  • Total Posts: 28533
  • Total Topics: 8240
  • Online Today: 1019
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: W32/Cekar  (Read 1860 times)

0 Members and 1 Guest are viewing this topic.

Amker

  • SCF Global Moderator
  • *****
  • Posts: 1081
  • KARMA: 22
  • Gender: Male
    • SCforum.info
W32/Cekar
« on: 16. June 2007., 15:15:55 »
W32/Cekar is a file infecting worm. It searches for executable files on the infected machine, removable media and mounted network drives to append its viral code. It can also be monitoring and stealing passwords from QQ, a popular Instant Messenging application in China.
Aliases
W32.Jacksuf.A (Symantec)
Characteristics -


W32/Cekar is a file infecting worm. It searches for executable files on the infected machine, removable media and mounted network drives to append its viral code. It can also be monitoring and stealing passwords from QQ, a popular Instant Messenging application in China.

On execution, the infected files drops and executes a copy of its propagation component into one of the the following path(s):
%Windir%\system\internat.exe
%Windir%\system\conime.exe

(Where %Windir% is the Windows folder; e.g. C:\Windows)

This worm tries to copy itself as setup.exe to the root of all available drives and shares as:
X:\autorun.inf (Windows autorun config file)
X:\setup.exe (W32/Cekar)

(Where X: is the drive letter of the hard drive, removable media or network drive).

It can also contact the following site(s) to upload stolen data or download further malware:
tx.993311.com
mm.21380.com
5y5.us
35561.com

Downloaded files are stored in the following path(s):
%Windir%\System\System32.vxd

The list of files probed across shares may be stored in
%Windir%\System\MCIWACE.INC

At the time of writing, these malicious sites were unavailable.

 
Symptoms -

Presence of the mentioned file(s).
Presence of setup.exe in the root of local drives, removable drives or network shares
Increase in size of EXE files
Some executable files may cease to run properly
Increase in disk activity (read and write)

 
Method of Infection -

W32/Cekar is a file infecting virus.  Infection starts with manual execution of the binary.
Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

McAfee
# Online Anti-Malware Scanners: http://scforum.info/index.php/topic,734.0.html

Samker's Computer Forum - SCforum.info

W32/Cekar
« on: 16. June 2007., 15:15:55 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising