W32/Cycle.A

Download VIRUSfighter NOW
W32/Cycle.A Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 5/11/2004 • Type: Worm
• Virus characteristics first published: 5/11/2004 • Spreading mechanism: Other
• Virus characteristics latest update: 6/9/2004 • Overall risk: Low
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal

 The following is a portion of the instant analysis done by the Norman Sandbox Technology:

[ General information ]
* File length:        10240 bytes.

[ Changes to filesystem ]
* Creates file C:WINDOWScyclone.txt.
* Creates file C:WINDOWSsystemsvchost.exe.

[ Network services ]
* Attempts to resolve name "www.irna.com".
* Connect port 80 [IP], IP 193.75.75.100.
* Checks wheter computer is connected to Internet.
* Attempts to resolve name "c.root-servers.net".
* Sends a ping request (ICMP.DLL) to 193.75.75.100.
* Connect port 69 [IP], IP 0.0.0.0.
* Connect port 80 [Unknown], IP 193.75.75.100.
* Attempts to resolve name "28.11.32.1".
* Connect port 445 [IP], IP 28.11.32.1.
* Connect port 3332 [IP], IP 0.0.0.0.

[ Security issues ]
* Exploits MS04-011 vulnerability.
* Possible backdoor functionality [UNKNOWN] port 3332.

[ Process/window information ]
* Creates a mutex Jobaka3.
* Creates a mutex JumpallsNlsTillt.
* Creates a mutex Jobaka3l.
* Creates a mutex SkynetSasserVersionWithPingFast.
* Enumerates running processes.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter