Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Deadhat-B

Feb 16, 2004 12:43AM PST

Aliases
Worm.Win32.Vesser.b, W32.HLLW.Deadhat.B, WORM_DEADHAT.B

Type
Win32 worm

Description
W32/Deadhat-B is a worm that spreads via the SoulSeek file sharing network and computers infected with the W32/MyDoom worm.
W32/Deadhat-B creates a copy of itself in the system folder with the filename msgsrv32.exe and sets the following registry entry so that the worm is run when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\msgsrv32

The worm copies itself to the shared folder of an existing SoulSeek installation using the following filenames:


Read more:

http://www.sophos.com/virusinfo/analyses/w32deadhatb.html

Discussion is locked