Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Francette-H

Mar 16, 2004 12:34AM PST

Aliases
Worm.Win32.Francette.h, W32/Tumbi.worm.gen.b virus, W32.Francette.Worm, WORM_FRANCETTE.C

Type
Win32 worm

Description
W32/Francette-H is a network-aware worm that spreads to vulnerable computers as by taking advantage of the DCOM RPC vulnerability (MS03-026) and the Web Directory Traversal vulnerability (MS00-07Cool.
When run the worm adds the following registry entry ensuring that it will always be executed on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Service

W32/Francette-H will connect to an IRC server and provides backdoor access via IRC channels.

http://www.sophos.com/virusinfo/analyses/w32francetteh.html

Discussion is locked