Alias: W32.HLLW.Deadhat (Symantec),
W32/Deadhat.womr.a (McAfee),
Win32.Vesser.A,
Win32/Deadhat.A.Worm,
Worm.Win32.Vesser (Kaspersky)
Category: Win32
Type: Worm
Published Date: 2/8/2004
Last Modified: 2/9/2004
CHARACTERISTICS
Win32.Deadhat is a worm spreading through peer-to-peer (P2P) file-sharing networks and through a backdoor installed by the Win32.Mydoom worms.
Method of Installation
When executed, the worm creates the mutex: " Y&T " in order to make sure there is only one instance of the worm running at any given time.
The worm copies itself to the System directory as sms.exe and runs this file. The dropped file modifies the registry in order to execute at the next system re-boot:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KernelFaultChkHKL = "%System%\sms.exe
More: http://www3.ca.com/virusinfo/virus.aspx?ID=38224

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic