There was a worm known as W0RM_NEWHUER.BE by TREND MICR0 attacking the server of my company recently. This worm creates two application files, i.e. WINW0RD.EXE and SERV1CES.EXE, and also duplicates all Word documents in the Shared folder in .exe format (you will see the icon of a Word document and exactly the same filename as your Word document, but be aware! It is an exe file and it spreads the worm). The original Word documents become hidden. When a user mistakenly opens the exe file, the PC will be infected with W0RM_NEWHUER.BE. This is how the worm spreads.
A print screen of the scan results
If you don't have antivirus software and you want to know whether you are infected by this worm, simply go to Task Manager and, under the Processes tab, check whether you have WINWORD.EXE and 2 SERVICES.EXE running. One SERVICES.EXE is run by SYSTEM and the other is run by the user. The one run by the user is actually created by the worm, and WINWORD.EXE is running even if you didn't run Microsoft Word. However, to clear the worm, you will definitely need antivirus software, a good one.
My company originally used the 5ymantec Anti-V software. 5ymantec recognises the worm as TR0JAN H0RSE; however, it couldn't remove the worm completely, even when you select the "Delete permanently" option. The worm keeps appearing again and again.
Finally we got frustrated and decided to use TREND MICR0, and so the worm got wiped out. Now I am in the midst of installing TREND MICR0 on 40++ PCs widely dispersed in a large power plant. The installation process is damn slow and keeps failing. Pity me.... there are still 17 PCs to go and I am already exhausted.
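The Task Manager check and the shared-folder symptom described above can be scripted across many PCs. The following is an added example, not part of the original post: it parses the output of `tasklist /v /fo csv` and lists `.exe` files that share a name with a Word document. The sample process list, the account names and the function names are constructed for illustration, and the SYSTEM account spelling assumes English-language Windows.

```python
import csv
import io
import os
import stat

# Constructed sample of `tasklist /v /fo csv` output, not captured from a real host.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"services.exe","612","Services","0","5,120 K","Unknown","NT AUTHORITY\\SYSTEM","0:00:03","N/A"
"SERVICES.EXE","3184","Console","1","2,048 K","Running","PLANT\\operator1","0:00:01","N/A"
"WINWORD.EXE","3200","Console","1","1,900 K","Running","PLANT\\operator1","0:00:01","N/A"
"explorer.exe","2040","Console","1","30,000 K","Running","PLANT\\operator1","0:00:09","Program Manager"
'''

SYSTEM_ACCOUNTS = {"NT AUTHORITY\\SYSTEM", "SYSTEM"}  # assumption: English-language Windows


def check_processes(tasklist_csv):
    """Return (pid, image, reason) for processes matching the symptoms in the post."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image, owner, pid = row["Image Name"].upper(), row["User Name"], int(row["PID"])
        if image == "SERVICES.EXE":
            if owner == "N/A":
                # tasklist hides owners of other users' processes when not elevated
                findings.append((pid, image, "owner unknown: rerun tasklist elevated"))
            elif owner.upper() not in SYSTEM_ACCOUNTS:
                findings.append((pid, image, "runs as user " + owner))
        elif image == "WINWORD.EXE":
            # The script cannot know whether Word was opened on purpose, so ask.
            findings.append((pid, image, "confirm " + owner + " actually opened Word"))
    return findings


def find_lookalikes(folder):
    """Return (exe_name, doc_name, doc_is_hidden) for .exe files named like a Word document."""
    names = os.listdir(folder)
    docs = {os.path.splitext(n)[0].lower(): n
            for n in names if n.lower().endswith((".doc", ".docx"))}
    hits = []
    for name in sorted(names):
        stem, ext = os.path.splitext(name)
        if ext.lower() == ".exe" and stem.lower() in docs:
            doc = docs[stem.lower()]
            # st_file_attributes exists only on Windows; elsewhere hidden reads as False
            attrs = getattr(os.stat(os.path.join(folder, doc)), "st_file_attributes", 0)
            hits.append((name, doc, bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)))
    return hits
```

Feed `check_processes` the text captured from `tasklist /v /fo csv` on each PC, and point `find_lookalikes` at the shared folder; a hit there is a file to leave unopened until it has been scanned.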