W32.Squirm@mm is an Internet worm that is written in C++ and is packed with PEBundle. It attempts to spread using the following methods:

By email, it sends itself to the contacts in the Microsoft Outlook Address Book, with the following message:

From: support@microsoft.com
Subject: Microsoft Security Bulletin
Message:
Unchecked Buffer in Windows Explorer Could Enable System Compromise (329390)

Summary
Who should read this bulletin: Customers using Microsoft Windows 95,98,2K,ME,XP
Impact of vulnerability: Run code of an attacker's choice

Maximum Severity Rating: Critical

Recommendation: Customers using Microsoft Windows 95,98,2K,ME,XP should apply the patch immediately.

Attachment: patch.zip or patch_329390.exe

Through file sharing applications, including KaZaA, Morpheus, eDonkey, Grokster, LimeWire, GNucleus, BearShare, Direct Connect, and ICQ, by placing itself in their default shared folders, if the programs are installed.

By using DCC, the worm sends in IRC.

The worm sends a notification to its author when a host is infected and listens on port 61282 for a connection.

As for the remedies...do this,friends..
1.Disable System Restore (Windows Me/XP).
2.Update the virus definitions.
3.Run a full system scan and delete all the files detected as W32.Squirm@mm.
4.Delete the value that was added to the registry

Bet ya all know how..right..

Additional information:

The worm may drop the following files:

C:\Program Files\Gnucleus\Downloads\Incoming\ICQ Hack.Exe
C:\Program Files\Gnucleus\Downloads\ICQ Hack.Exe
C:\Program Files\KMD\My Shared Folder\ICQ Hack.Exe
C:\Program Files\Bearshare\Shared\ICQ Hack.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\ICQ Hack.Exe
C:\Program Files\Kazaa\My Shared Folder\ICQ Hack.Exe
C:\Program Files\Morpheus\My Shared Folder\ICQ Hack.Exe
C:\Program Files\Edonkey2000\Incoming\ICQ Hack.Exe
C:\Program Files\Direct Connect\Received Files\ICQ Hack.Exe
C:\Program Files\Grokster\My Grokster\ICQ Hack.Exe
C:\Program Files\Limewire\Shared\ICQ Hack.Exe
C:\Program Files\Icq\Shared Files\ICQ Hack.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Connection Booster.Exe
C:\Program Files\Gnucleus\Downloads\Connection Booster.Exe
C:\Program Files\KMD\My Shared Folder\Connection Booster.Exe
C:\Program Files\Bearshare\Shared\Connection Booster.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Connection Booster.Exe
C:\Program Files\Kazaa\My Shared Folder\Connection Booster.Exe
C:\Program Files\Morpheus\My Shared Folder\Connection Booster.Exe
C:\Program Files\Edonkey2000\Incoming\Connection Booster.Exe
C:\Program Files\Direct Connect\Received Files\Connection Booster.Exe
C:\Program Files\Grokster\My Grokster\Connection Booster.Exe
C:\Program Files\Limewire\Shared\Connection Booster.Exe
C:\Program Files\Icq\Shared Files\Connection Booster.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Serials Collections.Exe
C:\Program Files\Gnucleus\Downloads\Serials Collections.Exe
C:\Program Files\KMD\My Shared Folder\Serials Collections.Exe
C:\Program Files\Bearshare\Shared\Serials Collections.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Serials Collections.Exe
C:\Program Files\Kazaa\My Shared Folder\Serials Collections.Exe
C:\Program Files\Morpheus\My Shared Folder\Serials Collections.Exe
C:\Program Files\Edonkey2000\Incoming\Serials Collections.Exe
C:\Program Files\Direct Connect\Received Files\Serials Collections.Exe
C:\Program Files\Grokster\My Grokster\Serials Collections.Exe
C:\Program Files\Limewire\Shared\Serials Collections.Exe
C:\Program Files\Icq\Shared Files\Serials Collections.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Hotmail Hack.Exe
C:\Program Files\Gnucleus\Downloads\Hotmail Hack.Exe
C:\Program Files\KMD\My Shared Folder\Hotmail Hack.Exe
C:\Program Files\Bearshare\Shared\Hotmail Hack.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Hotmail Hack.Exe
C:\Program Files\Kazaa\My Shared Folder\Hotmail Hack.Exe
C:\Program Files\Morpheus\My Shared Folder\Hotmail Hack.Exe
C:\Program Files\Edonkey2000\Incoming\Hotmail Hack.Exe
C:\Program Files\Direct Connect\Received Files\Hotmail Hack.Exe
C:\Program Files\Grokster\My Grokster\Hotmail Hack.Exe
C:\Program Files\Limewire\Shared\Hotmail Hack.Exe
C:\Program Files\Icq\Shared Files\Hotmail Hack.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Norton Keygen-All Vers.Exe
C:\Program Files\Gnucleus\Downloads\Norton Keygen-All Vers.Exe
C:\Program Files\KMD\My Shared Folder\Norton Keygen-All Vers.Exe
C:\Program Files\Bearshare\Shared\Norton Keygen-All Vers.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Norton Keygen-All Vers.Exe
C:\Program Files\Kazaa\My Shared Folder\Norton Keygen-All Vers.Exe
C:\Program Files\Morpheus\My Shared Folder\Norton Keygen-All Vers.Exe
C:\Program Files\Edonkey2000\Incoming\Norton Keygen-All Vers.Exe
C:\Program Files\Direct Connect\Received Files\Norton Keygen-All Vers.Exe
C:\Program Files\Grokster\My Grokster\Norton Keygen-All Vers.Exe
C:\Program Files\Limewire\Shared\Norton Keygen-All Vers.Exe
C:\Program Files\Icq\Shared Files\Norton Keygen-All Vers.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Hacker.Scr
C:\Program Files\Gnucleus\Downloads\Hacker.Scr
C:\Program Files\KMD\My Shared Folder\Hacker.Scr
C:\Program Files\Bearshare\Shared\Hacker.Scr
C:\Program Files\Kazaa Lite\My Shared Folder\Hacker.Scr
C:\Program Files\Kazaa\My Shared Folder\Hacker.Scr
C:\Program Files\Morpheus\My Shared Folder\Hacker.Scr
C:\Program Files\Edonkey2000\Incoming\Hacker.Scr
C:\Program Files\Direct Connect\Received Files\Hacker.Scr
C:\Program Files\Grokster\My Grokster\Hacker.Scr
C:\Program Files\Limewire\Shared\Hacker.Scr
C:\Program Files\Icq\Shared Files\Hacker.Scr
C:\Program Files\Gnucleus\Downloads\Incoming\Credit Card.Exe
C:\Program Files\Gnucleus\Downloads\Credit Card.Exe
C:\Program Files\KMD\My Shared Folder\Credit Card.Exe
C:\Program Files\Bearshare\Shared\Credit Card.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Credit Card.Exe
C:\Program Files\Kazaa\My Shared Folder\Credit Card.Exe
C:\Program Files\Morpheus\My Shared Folder\Credit Card.Exe
C:\Program Files\Edonkey2000\Incoming\Credit Card.Exe
C:\Program Files\Direct Connect\Received Files\Credit Card.Exe
C:\Program Files\Grokster\My Grokster\Credit Card.Exe
C:\Program Files\Limewire\Shared\Credit Card.Exe
C:\Program Files\Icq\Shared Files\Credit Card.Exe
C:\Program Files\Morpheus\My Shared Folder\Cracks Collections.Exe
C:\Program Files\Edonkey2000\Incoming\Cracks Collections.Exe
C:\Program Files\Direct Connect\Received Files\Cracks Collections.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Cracks Collections.Exe
C:\Program Files\Gnucleus\Downloads\Cracks Collections.Exe
C:\Program Files\KMD\My Shared Folder\Cracks Collections.Exe
C:\Program Files\Bearshare\Shared\Cracks Collections.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Cracks Collections.Exe
C:\Program Files\Kazaa\My Shared Folder\Cracks Collections.Exe
C:\Program Files\Grokster\My Grokster\Cracks Collections.Exe
C:\Program Files\Limewire\Shared\Cracks Collections.Exe
C:\Program Files\Icq\Shared Files\Cracks Collecions.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Simpsons.Exe
C:\Program Files\Gnucleus\Downloads\Simpsons.Exe
C:\Program Files\KMD\My Shared Folder\Simpsons.Exe
C:\Program Files\Bearshare\Shared\Simpsons.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Simpsons.Exe
C:\Program Files\Kazaa\My Shared Folder\Simpsons.Exe
C:\Program Files\Morpheus\My Shared Folder\Simpsons.Exe
C:\Program Files\Edonkey2000\Incoming\Simpsons.Exe
C:\Program Files\Direct Connect\Received Files\Simpsons.Exe
C:\Program Files\Grokster\My Grokster\Simpsons.Exe
C:\Program Files\Limewire\Shared\Simpsons.Exe
C:\Program Files\Icq\Shared Files\Simpsons.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\XXX Virtual Sex.Scr
C:\Program Files\Gnucleus\Downloads\XXX Virtual Sex.Scr
C:\Program Files\KMD\My Shared Folder\XXX Virtual Sex.Scr
C:\Program Files\Bearshare\Shared\XXX Virtual Sex.Scr
C:\Program Files\Kazaa Lite\My Shared Folder\XXX Virtual Sex.Scr
C:\Program Files\Kazaa\My Shared Folder\XXX Virtual Sex.Scr
C:\Program Files\Morpheus\My Shared Folder\XXX Virtual Sex.Scr
C:\Program Files\Edonkey2000\Incoming\XXX Virtual Sex.Scr
C:\Program Files\Direct Connect\Received Files\XXX Virtual Sex.Scr
C:\Program Files\Grokster\My Grokster\XXX Virtual Sex.Scr
C:\Program Files\Limewire\Shared\XXX Virtual Sex.Scr
C:\Program Files\Icq\Shared Files\XXX Virtual Sex.Scr
C:\Program Files\Gnucleus\Downloads\Incoming\Cracker Game.Exe
C:\Program Files\Gnucleus\Downloads\Cracker Game.Exe
C:\Program Files\KMD\My Shared Folder\Cracker Game.Exe
C:\Program Files\Bearshare\Shared\Cracker Game.Exe
C:\Program Files\Kazaa Lite\My Shared Folder\Cracker Game.Exe
C:\Program Files\Kazaa\My Shared Folder\Cracker Game.Exe
C:\Program Files\Morpheus\My Shared Folder\Cracker Game.Exe
C:\Program Files\Edonkey2000\Incoming\Cracker Game.Exe
C:\Program Files\Direct Connect\Received Files\Cracker Game.Exe
C:\Program Files\Grokster\My Grokster\Cracker Game.Exe
C:\Program Files\Limewire\Shared\Cracker Game.Exe
C:\Program Files\Icq\Shared Files\Cracker Game.Exe
C:\Program Files\Gnucleus\Downloads\Incoming\Matrix Reloaded.Scr
C:\Program Files\Gnucleus\Downloads\Matrix Reloaded.Scr
C:\Program Files\KMD\My Shared Folder\Matrix Reloaded.Scr
C:\Program Files\Bearshare\Shared\Matrix Reloaded.Scr
C:\Program Files\Kazaa Lite\My Shared Folder\Matrix Reloaded.Scr
C:\Program Files\Kazaa\My Shared Folder\Matrix Reloaded.Scr
C:\Program Files\Morpheus\My Shared Folder\Matrix Reloaded.Scr
C:\Program Files\Edonkey2000\Incoming\Matrix Reloaded.Scr
C:\Program Files\Direct Connect\Received Files\Matrix Reloaded.Scr
C:\Program Files\Grokster\My Grokster\Matrix Reloaded.Scr
C:\Program Files\Limewire\Shared\Matrix Reloaded.Scr
C:\Program Files\Icq\Shared Files\Matrix Reloaded.Scr

teach ya all something too
to delete the registry is like this...
P/s: always back up your windows registry b4 doing this

Click Start, and then click Run. (The Run dialog box appears.)
Type regedit

Then click OK. (The Registry Editor opens.)

Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

In the right pane, delete the value:

"CPUManager"="%Windir%\cpumgr.exe"

Exit the Registry Editor.

Thank you Lara_tx.
Your vigilance is much appreciated. http://www.tombraiderforums.com/images/smilies/wave.gif

I'm glad people like Lara TX are on the lookout for bugs. http://www.tombraiderforums.com/images/smilies/wave.gif

But I really didn't understand the message, I was only intmidated by it. http://www.tombraiderforums.com/images/smilies/redface.gif

Now I'm sitting here eeven more paranoid than normal.

http://www.tombraiderforums.com/images/smilies/yikes.gif http://www.tombraiderforums.com/images/smilies/yikes.gif

Hi John Falstaff http://www.tombraiderforums.com/images/smilies/wave.gif
I really don't understand any of the virus warnings either, I am just glad to be aware of them. They make me quite paranoid as well, I remember when I didn't worry about them at all...I believe that was long ago last week. ;)

Hi Isabella,

http://www.tombraiderforums.com/images/smilies/wave.gif

The paranoia curve is definately rising, sharpely. But I'm in a situation where I cannot afford to have my PC crash or whatever.

But instructions on a lot of help sites read to me like 'go to blah, enable the whosis, get to your firewall - turn it inside out and shake it all about etc:.

I would REALLY be grateful if anyone knew a website, book or thingamajig that really explained all this for complete idiots. http://www.tombraiderforums.com/images/smilies/clown.gif :(

Thank goodness I don't use any Gnuellta-based p2p apps. Its easy to get viruses through them since they all depend on a server.

I agree with you John it needs to be done in layman's terms with lots of screenshots of what we have to do

I'm just glad we finally got a firewall today. ;)

Hi y'all,

http://www.tombraiderforums.com/images/smilies/wave.gif

Andrew II, no criticism of you is intended at all, but while I could understand the second sentence of your post, the first might as well have been written in cuneiform or sanskrit as far as I'm concerned. Not your fault I know! http://www.tombraiderforums.com/images/smilies/clown.gif

Neil's idea of screenshots is spot on.

Celli, I'm glad your glad that you've got a firewall (what ever that is). I just hope you remember to turn it insideout and shake it all about! http://www.tombraiderforums.com/images/smilies/jumper.gif

LMAO! http://www.tombraiderforums.com/images/smilies/jumper.gif I dunno really what it does either, but it's keeping my computer safe! :D ;)

This is your Registry Editor (http://chibichan2.homestead.com/files/registry_editor.gif). Anyhow,you don't want to edit or delete the wrong keys. Doing so,would either stop your programs from loading up; or worst, stop Windows from booting up,which would force you to reinstall Windows.

If you must in some way have your registry edited, I suggest you leave to someone who's a professional and troubleshoot computer problems, like me for instance.

BTW, you know its pretty much good that the MacOS don't use a registry. No worry from viruses or worries about deleting the wrong keys.

Registry Editor? What this? http://www.tombraiderforums.com/images/smilies/redface.gif

Florida and France are a long way apart!

Do you think there may be computer experts here?

*raises hand*

I think he means certified persons in the sovereign nation of France...

If only this could be dumbed-down to 3rd grade level, because then maybe I could understand it...

Darn computer lingo..:grumble:

Originally posted by John Falstaff:
Hi Isabella,



But instructions on a lot of help sites read to me like 'go to blah, enable the whosis, get to your firewall - turn it inside out and shake it all about etc.So you were able to decipher 'blah'. Here I thought it said yada. ;)

The screen shots would be a wonderful idea, I think that would have helped a great deal.

hi,there,people...pretty active there...hmm,why do i always miss the best part?Alright,back it up,keep ya in defend mode...we got a bug to settle