
Win32.Deadhat.A

Feb 9, 2004 12:17AM PST

Alias: W32.HLLW.Deadhat (Symantec),
W32/Deadhat.worm.a (McAfee),
Win32.Vesser.A,
Win32/Deadhat.A.Worm,
Worm.Win32.Vesser (Kaspersky)
Category: Win32
Type: Worm
Published Date: 2/8/2004
Last Modified: 2/9/2004

CHARACTERISTICS
Win32.Deadhat is a worm spreading through peer-to-peer (P2P) file-sharing networks and through a backdoor installed by the Win32.Mydoom worms.

Method of Installation
When executed, the worm creates the mutex: " Y&T " in order to make sure there is only one instance of the worm running at any given time.

The worm copies itself to the System directory as sms.exe and runs this file. The dropped file modifies the registry in order to execute at the next system re-boot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KernelFaultChkHKL = "%System%\sms.exe"

More: http://www3.ca.com/virusinfo/virus.aspx?ID=38224
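
A triage check for the persistence described in the post, as an added example that is not part of the original post or the CA advisory: it scans saved `reg query` output for the Run key and flags values that match the advisory. It assumes `%System%` means the Windows System directory and uses the value name exactly as printed above; the function names and sample data are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the advisory text above.
DROPPED_NAME = "sms.exe"
RUN_VALUE_NAME = "kernelfaultchkhkl"  # value name as printed on the page, lower-cased
# Assumption: the advisory's %System% placeholder is the Windows System directory.
SYSTEM_DIRS = {"system32", "system"}

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def exe_path(data):
    """Return the executable part of a Run command line, lower-cased."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, arguments may follow
        return data[1:].split('"', 1)[0].lower()
    m = re.match(r"(.*?\.exe)\b", data, re.I)     # unquoted: cut after first ".exe"
    return (m.group(1) if m else data).lower()

def check_run_key(reg_query_output):
    """Return [(value_name, data, [reasons])] for Run values matching the advisory."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                              # key header or blank line
        folder, base = ntpath.split(exe_path(m["data"]))
        reasons = []
        if base == DROPPED_NAME and ntpath.basename(folder) in SYSTEM_DIRS:
            reasons.append("data runs sms.exe from the System directory")
        if m["name"].lower() == RUN_VALUE_NAME:
            reasons.append("value name matches the advisory")
        if reasons:
            findings.append((m["name"], m["data"], reasons))
    return findings

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    KernelFaultChkHKL    REG_SZ    C:\WINDOWS\system32\sms.exe
    Updater    REG_SZ    "C:\Program Files\Tool\sms.exe" /background
"""

if __name__ == "__main__":
    for name, data, reasons in check_run_key(SAMPLE):
        print(f"SUSPECT {name} = {data}: {'; '.join(reasons)}")
```

Matching on the data path as well as the value name keeps the check useful if the value name on a host differs from the one printed here.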
