Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Eyeveg.worm.c

Feb 22, 2004 11:14AM PST

Virus Information
Discovery Date: 02/20/2004
Origin: Unknown
Length: 42,496
Type: Virus
SubType: Open Share Worm

This variant of the worm contains network sharing, backdoor and password stealing capabilities.

When run, the worm copies itself to the Windows System directory (%SYSDIR%) using a random file name. It creates the following registry key in order to load itself at Windows startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Run "random string" = "%SYSDIR%\(random filename).exe"
The worm periodically connects to the following website on port 2334:

www.melaniecarroll.biz
The port is left open for remote access, where the following functions may be performed:

Read more: http://vil.nai.com/vil/content/v_101041.htm

Discussion is locked