This is a virus-worm that spreads via the Internet attached to infected e-mails, and copies itself to shared directories over a local network, and also attacks vulnerable IIS machines (Web sites). The worm itself is a Windows PE EXE file about 57Kb in length, and is written in Microsoft C++.

In order to run from an infected message, the worm exploits a security breach. The worm then installs itself to the system, and runs a spreading routine and payload.

The worm contains the following “copyright” text string:

Concept Virus(CV) V.5, Copyright(C)2001 R.P.China

While installing, the worm copies itself:

- To the Windows directory with the MMC.EXE name
- To the Windows system directory with RICHED20.DLL (and overwrites original Windows RICHED20.DLL file) and with the LOAD.EXE name.

The last one is then registered in the auto-run section in a SYSTEM.INI file:

The worm also copies itself to a Temporary directory with random MEP*.TMP and

EXE files have Hidden and System attributes, as well as a LOAD.EXE file (see above).

The worm then runs its spreading and payload routines. Depending on the Windows version, the worm affects the EXPLORER.EXE process, and may run its routines as an EXPLORER background process (thread).

In order to send infected messages, the worm connects to a host machine by using SMTP protocol, and sends its copies to victim addresses.

In order to obtain victim e-mail addresses, the worm uses two ways:

1. scans *.HTM and *.HTML files and looks for e-mail-like strings
2. by using MAPI, connects to MS Exchange e-mail boxes and obtains e-mail addresses from there.

The infected messages are of HTML format and contain:

Subjects are chosen from the name of a randomly selected file from a folder:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal

Usually this is “My Documents” or a randomly selected file on the C: drive.

In order to spread from infected messages, the worm uses an “IFRAME” trick; the vulnerability described at: