W32/Lamecada-D

Mar 10, 2004 12:17AM PST

Aliases
Backdoor.Agobot.fo

Type
Win32 worm

Description
W32/Lamecada-D can be used as a backdoor IRC server and network worm to initiate attacks on remote computers. When executed, this program may open the local TCP ports 30001, 63000 and 63001 and two others chosen at random.
This worm will also move itself into the Windows System32 folder using the filename NVCHIP4.EXE and set the following registry entries so that it is executed upon restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nVidia Chip4 = NVCHIP4.EXE

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\nVidia Chip4 = NVCHIP4.EXE

W32/Lamecada-D can be used to initiate denial-of-service (DoS) and network flood attacks.


More: http://www.sophos.com/virusinfo/analyses/w32lamecadad.html
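
A triage check for the indicators listed above, as an added example that is not part of the original post or of Sophos's analysis. It assumes you have saved the text output of `reg query` for the two autorun keys and of `netstat -an` from the suspect machine; the function names and the sample data are constructed for illustration.

```python
import re

# Indicators from the description above; the two random ports cannot be listed.
RUN_KEYS = {r"hklm\software\microsoft\windows\currentversion\run",
            r"hklm\software\microsoft\windows\currentversion\runservices"}
VALUE_NAME, FILE_NAME = "nvidia chip4", "nvchip4.exe"
FIXED_PORTS = {30001, 63000, 63001}

# Constructed sample input: `reg query` output for both keys, and `netstat -an`.
SAMPLE_REG = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    nVidia Chip4    REG_SZ    NVCHIP4.EXE

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    nVidia Chip4    REG_SZ    C:\WINDOWS\System32\NVCHIP4.EXE
"""
SAMPLE_NETSTAT = """
  TCP    0.0.0.0:135       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:30001     0.0.0.0:0        LISTENING
  TCP    0.0.0.0:63000     0.0.0.0:0        LISTENING
  TCP    10.0.0.5:1042     10.0.0.9:63001   ESTABLISHED
"""

def registry_hits(reg_output):
    """Return (key, value name, data) for autorun entries matching the advisory."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.upper().startswith("HK"):            # unindented key header
            key = line.strip()
            continue
        m = re.match(r"\s+(.+?)\s+REG_\w+\s*(.*)$", line)
        short = re.sub(r"(?i)^HKEY_LOCAL_MACHINE", "HKLM", key or "").lower()
        if not m or short not in RUN_KEYS:
            continue
        name, data = m.group(1), m.group(2).strip().strip('"')
        # Compare the file name only, so a full System32 path also matches.
        leaf = data.split("\\")[-1].split()
        if name.lower() == VALUE_NAME or (leaf and leaf[0].lower() == FILE_NAME):
            hits.append((key, name, data))
    return hits

def listening_ports(netstat_output):
    """Return the advisory's fixed TCP ports found in LISTENING state."""
    m = re.findall(r"(?im)^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", netstat_output)
    return sorted({int(p) for p in m} & FIXED_PORTS)

if __name__ == "__main__":
    print(registry_hits(SAMPLE_REG), listening_ports(SAMPLE_NETSTAT))
```

A listening port on its own is weak evidence, since other software can use the same numbers; a registry hit together with NVCHIP4.EXE present in System32 is the stronger signal.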
