Gunz-Reloaded

Bugz Gunz = Virus.


Post  Sharad Sat Jun 28, 2008 1:55 pm

Code:
Discovered: November 16, 2006
Updated: February 13, 2007 1:02:16 PM
Type: Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


When W32.Sality.V is executed, it performs the following actions:

  1. Drops the following files:

          * %System%\wcdrtc32.dl_ - 17,876 bytes, detected as W32.Sality.V
          * %System%\wcdrtc32.dll - 25,600 bytes, detected as W32.Sality.V

            Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

  2. Creates the following mutex:

      _kuku_joker_v3.10

  3. Injects wcdrtc32.dll into explorer.exe process.

  4. Infects .exe and .scr files on drives C to Z.

  5. Enumerates the following registry key entries and infects .exe files that are referenced as data values:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  6. Appends itself by creating a new section 'trdata'. The section size is 20,480 bytes.

  7. Deletes files with the following extensions:

          * .vdb
          * .avp

  8. Deletes .key files containing the following string:

      drw

  9. Deletes files whose name starts with:

          * KAV
          * NOD
          * ANTI
          * SCAN
          * ZONE
          * ANDA
          * TROJ
          * TREN
          * ALER
          * CLEAN
          * OUTP
          * GUAR
          * AVP
          * BIDEF

  10. Checks for Internet connection by querying the following URL:

      www.microsoft.com

  11. Attempts to connect to the following URL:

      [http://]www.kukutrustnet7.in[REMOVED]

  12. Appends the following lines to the file %System%\SYSTEM.INI:

      [MCIDRV-VER]
      DEVICE=[random_number]

Ah and for the perfect proof.


Oh well, all in all, gunz.exe is a worm-infected thing. I'd recommend all of you to go ahead and delete Gunz.exe and Gunzlauncher.exe, and then clean it (Google it).

Oh well have fun ^^ and I do hope the staff do come out with a clean version of Gunz.exe and Gunzlauncher.exe ^^

Sharad

Posts : 3
Join date : 2008-06-22
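
A defender's check for two indicators from the write-up quoted in the post above, the appended 'trdata' section and the [MCIDRV-VER] line in SYSTEM.INI, added here as an example that is not part of the original post or the quoted write-up. The function names and the constructed sample bytes are assumptions for illustration; the write-up does not say whether 20,480 bytes is the virtual or the raw size, so either is accepted.

```python
import struct

SECTION_NAME = b"trdata"      # section name given in the write-up
SECTION_SIZE = 20480          # section size given in the write-up
INI_MARKER = "[MCIDRV-VER]"   # section header appended to SYSTEM.INI

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE image, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 of the PE header
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    table = pe_off + 24 + opt_size
    out = []
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):      # truncated or malformed section table
            break
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        out.append((name.rstrip(b"\0"), vsize, rsize))
    return out

def sality_v_findings(data):
    """Heuristic findings for one file: the appended section from the write-up."""
    hits = []
    for name, vsize, rsize in pe_sections(data):
        if name == SECTION_NAME:
            size_ok = SECTION_SIZE in (vsize, rsize)
            hits.append(("trdata section", "size matches" if size_ok else "size differs"))
    return hits

def system_ini_marked(text):
    """True if SYSTEM.INI text contains the [MCIDRV-VER] section header."""
    return any(line.strip().upper() == INI_MARKER for line in text.splitlines())

def build_sample(sections):
    """Constructed minimal PE header for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0x1000, r, 0, 0, 0, 0, 0, 0)
                     for n, v, r in sections)
    return dos + coff + table

if __name__ == "__main__":
    infected = build_sample([(b".text", 0x2000, 0x2000), (b"trdata", 20480, 20480)])
    print(sality_v_findings(infected))
    print(system_ini_marked("[boot]\nshell=Explorer.exe\n[MCIDRV-VER]\nDEVICE=12345\n"))
```

A section-name match alone is a heuristic and should be confirmed with an up-to-date antivirus scan before any file is deleted or restored.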
