Overview This detection is for a worm which spreads by copying itself to network shared drives. It also has the ability to terminate security applications.CharacteristicsWhen the worm is executed, it creates a copy of itself using the following filenames:C:\BootEx.exe C:\Log.exe C:\WINDOWS\ErrorReport.exe C:\WINDOWS\MonitorMission.run C:\WINDOWS\MonitorSetup.exe C:\WINDOWS\regedif.exe C:\WINDOWS\SystemMonitor.exe C:\WINDOWS\Win System.exe C:\WINDOWS\windows.exe C:\WINDOWS\WinSystem C:\WINDOWS\WinSystem.exe C:\WINDOWS\WinSystem32.exe C:\WINDOWS\SYSTEM\mscomfig.exe C:\WINDOWS\SYSTEM\msiexece.exe C:\WINDOWS\SYSTEM\rundlI.exe C:\WINDOWS\SYSTEM\WindowsUpadate.exe C:\WINDOWS\SYSTEM\msidlI.exe C:\WINDOWS\SYSTEM\msiexee.exe C:\WINDOWS\SYSTEM\regedif32.exe C:\WINDOWS\SYSTEM\SCCONFIG.exe C:\WINDOWS\SYSTEM\WindowsProtection.exe...
