Virus Spreading On Kazaalite



newcster68
05-01-2003, 07:17 AM
Just a little info I think u should all know considering my Norton Antivirus picked this up when I tried to open something up that I downloaded from KazaaLite thinking it was something else.. :D

W32.Kwbot.F.Worm

Copies itself to the %Windir%\sCache32 folder as the following filenames:

2 Find MP3 8.2.0.exe
AC3-MP3 converter.exe
ACDSee 5.5b.exe
ACDSee Classic 2.79.exe
Ad-aware 6.5 (new)Download Accelerator Plus 6.3.exe
Adobe Acrobat Reader 5.6.exe
Adobe PhotoShop 7.1 crack.exe
All Editor 3.0b.exe
AOL Instant Messenger 6.1.exe
Auction Sentry (new).exe
AudioLabel CD Labeler 3.0 (+crack).exe
Battlefied1942 Pack4 (crack+bloodpatch).exe
BearShare 5.1.1.exe
C&C Generals Pack2 (new patch).exe
Complete UK Music Database 4.2.exe
DirectDVD 4.9.exe
DivX Bundle 6.2.exe
DivX edit (new).exe
DivX Video Bundle 5.5.1.exe
DvD Rip guide (+tools) st0rm.exe
Dynamite Downloads.exe
Easy CD Creator Software Update.exe
FlashFXP (keygen).exe
FreeRip 4.30.exe
Genie Stream 3.2.4.exe
GetRight 5.5 + crack.exe
Global DiVX Player 2.0.1.exe
Gothic 2 (m-patch).exe
Grokster 2.0.exe
Hacker Tutorial (by ph3Akz).exe
Half-Life keygen (+ogc hack).exe
HL keys (working).exe
I.G.I. 2 (new crack).exe
ICQ Lite beta (b2253).exe
ICQ Pro 2003a beta (b4600).exe
iMesh 4.1 beta.exe
iSnipeIt 5.0c.exe
James Bond 007 Nightfire crack.exe
Kazaa Media Desktop 2.5.exe
Kazaa Skins 1.8.exe
KaZooM MP3 Kazaa Accelerator 2.5.exe
Medal Of Honor (Allied Assault) crack.exe
Microangelo 6.0b.exe
mIRC 6.x addon patch.exe
mIRC s3th war-script.exe
Morpheus 2.6.exe
MP3 cut pro 3.0.exe
MSN Messenger 5.5.10.exe
Need for Speed 6 (new cars + crack).exe
NeoNapster 3.92.exe
Nero Burning ROM 5.8.2.4.exe
Network Cable + ADSL Speed 2.0 (beta).exe
New Nvidia (geForce) drivers (beta).exe
Nimo Codec Pack 9.0 (stable).exe
Nvidia Detonator XP Drivers (Windows XP/2000).exe
Operation Flashpoint (bloopatch).exe
Patch Creator 3.5a.exe
PhotoShow 3.1.exe
Pop-Up Stopper 4.0 (beta).exe
Ps2 to Pc tutorial (+tool).exe
QuickTime 7.2 (new).exe
Raven Shield 5.32 crack.exe
RealJukebox Basic 2.8.exe
RealOne Free Player 2.8.exe
RemoteSpy 1.5.exe
Sim City 4 crack.exe
Splinter Cell crack.exe
TitJiggle (flash game).exe
Trillian 0.8 + plugins.exe
UniversalFlood (4.8b).exe
Unreal2 (2.8) crack.exe
UT2003 multi-crack (new).exe
Warcraft3 battle.net(2.5) crack.exe
Window Washer 4.8.exe
WinMX 3.5.1.exe
WinRAR 3.8.exe
WinZip 8.3b (crack).exe
WinZip 9.0 SR-1.exe
Wippit 2.1 (beta).exe
WS_FTP LE 6.0.exe
XViD bundle (codec+tutorial).exe


6. Adds the values:

"Dir? 012345:"="%Windir%\sCache32"
"DisableSharing"="0"

NOTE: "?" in these values represents a number that the worm has chosen.

to these registry keys:

HKEY_CURRENT_USER\Software\Kazaa\LocalContent
HKEY_CURRENT_USER\Software\iMesh\Client\LocalContent

so that other KaZaA or iMesh users may download the files from the %Windir%\sCache32 folder.

Backdoor.Sdbot actions
When Backdoor.Sdbot, which is the Backdoor Trojan that the worm dropped, is executed, it does the following:

1. Copies itself as %System%\System32.exe.

2. Creates the value:

"Shell"="Explorer.exe %system%\System32.exe"

in the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

3. Waits for an Internet connection. When the Trojan detects a connection, it connects to a specific IRC server using port 6667, joins a specific channel, and notifies a hacker by sending them a private message.

4. Waits for commands that the hacker transmits using IRC. The commands allow the hacker to perform any of the following actions:
Deliver system and network information to the hacker.
Manage the self installation.
Download and execute files.
Perform Denial of Service (DoS) attacks.
Replicate across file-sharing networks, such as KaZaA and iMesh.

Click for more information about this virus: W32.Kwbot.F.Worm (http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.f.worm.html)
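A defender-side check for the registry changes listed in the post above, as an added example that is not part of the original thread: it scans a .reg-style export for a Kazaa/iMesh LocalContent share entry pointing at sCache32 and for a Winlogon Shell value that launches anything besides Explorer.exe. The sample export, the "Dir0"/"Dir7" entries, the drive paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: a .reg-style export containing the values described in the post,
# next to one ordinary shared-folder entry ("Dir0") that should not be flagged.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Kazaa\LocalContent]
"Dir0"="012345:C:\\My Shared Folder"
"Dir7 012345:"="C:\\WINDOWS\\sCache32"
"DisableSharing"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\System32\\System32.exe"
'''

SHARE_KEYS = ("\\software\\kazaa\\localcontent",
              "\\software\\imesh\\client\\localcontent")
WINLOGON = "\\microsoft\\windows nt\\currentversion\\winlogon"
# "name"="data" string values; backslashes and quotes are escaped in .reg files
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Yield (key, name, value) for every string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
            yield key, name, value

def find_indicators(text):
    """Return (kind, key, name, value) tuples for the two changes in the post."""
    findings = []
    for key, name, value in parse_reg(text):
        k = key.lower()
        if k.endswith(SHARE_KEYS) and name.lower().startswith("dir"):
            # The post shows the marker split across name and data, so check both.
            if "scache32" in (name + value).lower():
                findings.append(("shared-folder", key, name, value))
        elif k.endswith(WINLOGON) and name.lower() == "shell":
            # A stock Shell value is just Explorer.exe; anything appended runs at logon.
            if value.strip().lower() != "explorer.exe":
                findings.append(("winlogon-shell", key, name, value))
    return findings

if __name__ == "__main__":
    for kind, key, name, value in find_indicators(SAMPLE_REG):
        print(f"{kind}: [{key}] {name} = {value}")
```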

Icebound
05-01-2003, 08:32 AM
funny, i downloaded that winrar3.8.exe file earlier today.
luckily, NAV picked it up killed the download and deleted the worm

OutCast
05-01-2003, 09:56 AM
I downloaded some files (which I don't really download a lot on Kazaa Lite nowadays) and Norton always constantly finds worms or viruses (and kills them) specially made for Kazaa. This is getting scary.

ghost944
05-01-2003, 11:31 AM
I've found all of these on my comp last night because in some other post there was a link to see all of your files on the web or something, and there were all of these ones in my shared list. PC-cillin never picked it up though, so I'm getting ready now to delete them all.

Wolfmight
05-01-2003, 12:28 PM
NAV'll take it out... I check for updates every week (plus it auto-updates normally)

firefox
05-01-2003, 01:55 PM
Originally posted by ghost944@1 May 2003 - 05:31
I've found all of these on my comp last night because in some other post there was a link to see all of your files on the web or something, and there were all of these ones in my shared list. PC-cillin never picked it up though, so I'm getting ready now to delete them all.

ghost944, it is not enough to just delete these files, because on your next reboot they will be there again. You have to update your virus program (I really never liked PC-cillin, but that is me) and then do a full scan of your computer to remove the virus. Delete any file with the virus. Then do a restart and rescan just to make sure.

RedRival
05-01-2003, 03:20 PM
Bleh, my version of some cheap branded antivirus seems to be screwing up on me.
Please recommend some good ones that I can use. Norton, McAfee... need opinions.

ricky
05-01-2003, 03:28 PM
RedRival, i would recommend norton antivirus 2003 and norton firewall 2003... just download it through kazaa...

firefox
05-01-2003, 03:29 PM
Norton 2003 seems to do a good job. Also McAfee is good but I do not like their firewall that is built in, but you can disable it. I like using McAfee version 4.5.1 (corp. edition). But the latest out is 6 I think.

ghost944
05-01-2003, 04:20 PM
I have just finished deleting those files with Window Washer with bleach, then went and deleted those reg keys that the link told me to delete. Just rebooted, seen this post and checked the folder they were in and they are not there, so I think I have got rid of them.

Also my PC-cillin is 2003 and is always up to date. For firewalls I use Sygate 5.0, PC-cillin's and Armour 2 Net cuz it stops pop-ups and cleans spyware.

Just checked again and they aint back yet.

Icebound
05-01-2003, 04:44 PM
Originally posted by ricky@1 May 2003 - 09:28
RedRival, i would recommend norton antivirus 2003 and norton firewall 2003... just download it through kazaa...
... or better yet, get Norton Internet Security 2003 (on k-lite, of course - 64MB file)

baccyman
05-01-2003, 05:08 PM
You could also try AVG anti virus, which is free; there are also updates for it.
http://www.grisoft.com/html/us_index.htm?session=46d6d5ba31a134f2c92919ebdda11004

lunatacs
05-01-2003, 06:08 PM
norton and AVS, two best antivirus programs you can have, if you update them daily, your computer will be 100% virus free.

rastilin
05-01-2003, 11:47 PM
There are some times when the Norton Antivirus program can be a massive pain. If for example you insert any cd's with viruses on them into the cd-rom drive you can expect a bunch of messages every 30 seconds explaining that they can not be repaired. You can spend an hour checking your drive to run into some viruses that can not be repaired, quarantined or deleted only to find that you can easily remove the files with the del key. And to top it all off I pity you if you're using the 499mb version of windows xp pro off kazaa, then you get the fun of quarantining parts of your operating system. Also the copy of Microsoft office xp is infected as well, though that might be a bit more difficult to fix.

Actually I would personally recommend Norton Antivirus 2003, it's the best I've seen so far.

true_neo
05-02-2003, 12:03 AM
Why do people have the infected files on their hard drive anymore? If they DL a file that is a trojan or anything else, delete it!

*Keeps staring at my Kazaa-found NAV 2003 Pro :) *

lunatacs
05-02-2003, 06:29 AM
There are some times when the Norton Antivirus program can be a massive pain. If for example you insert any cd's with viruses on them into the cd-rom drive

wtf? lol dude, you like keeping virus on your cd's? you like spreading them? how big is your collection... <_< yeah sure annoying when norton gives you a msg warning every 30 seconds about a virus....maybe because its built to delete them, if its annoying, turn it off and it wont give you a msg if you like virus so much. <_<

Tenshi_Misha-san
05-04-2003, 11:35 PM
well, i know that my computer wont get infected since my norton anti virus will detect it...good anti virus protector....anywayz you guys who dont have norton anti virus protecter..DOWNLOAD it itll save your computer! :D :D :D

elfsnastygas
05-05-2003, 11:11 PM
Yes, I agree. As soon as I got it it removed two common KaZaA worms and since then it's knocked out four more. I would also recommend Norton Internet Security which has prevented three intrusions so far. By the way, Norton AntiVirus isn't just convenient to have, trust me it's essential. One in every three programs I get have viruses or worms now so if you don't get Norton, I would recommend not using KaZaA at all.

MexicanJesus
05-05-2003, 11:45 PM
Yeah, you guys should check your mirrors because they are uploading us shitty versions of Kazaa Lite with a bunch of crap that goes in WINDOWS\sCache32. I don't want to be one spreading viruses all over the net, and a lot of these viruses are renamed to the most popular programs out there, but better versions, so it intrigues you to download them, like Winzip 9.0??? The latest version is 8.1. Anyways, I had 8 music files on my comp that I downloaded off Kazaa because I had recently reformatted my C:, but I saw that I was uploading things like Pop-Up Stopper to people, so I went to check my Shared Folder and turned off 'hide files' and nothing was in there, then I searched my machine and found them in WINDOWS\sCache32 and I knew that wasn't a regular folder, so I just deleted it. Now that those files are gone, I came to what I hope is the source of these problems, and I would suggest you check your mirrors to make sure they're not handing out anything we don't want. Thanks for the time and keep up the good work, as this is the best Kazaa Lite out there B)

Skillian
05-06-2003, 12:15 AM
Originally posted by MexicanJesus@6 May 2003 - 00:45
Yeah, you guys should check your mirrors because they are uploading us shitty versions of Kazaa Lite with a bunch of crap that goes in WINDOWS\sCache32. I don't want to be one spreading viruses all over the net, and a lot of these viruses are renamed to the most popular programs out there, but better versions, so it intrigues you to download them, like Winzip 9.0??? The latest version is 8.1. Anyways, I had 8 music files on my comp that I downloaded off Kazaa because I had recently reformatted my C:, but I saw that I was uploading things like Pop-Up Stopper to people, so I went to check my Shared Folder and turned off 'hide files' and nothing was in there, then I searched my machine and found them in WINDOWS\sCache32 and I knew that wasn't a regular folder, so I just deleted it. Now that those files are gone, I came to what I hope is the source of these problems, and I would suggest you check your mirrors to make sure they're not handing out anything we don't want. Thanks for the time and keep up the good work, as this is the best Kazaa Lite out there B)

http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.f.worm.html

It's a well known virus that does NOT come from your K-Lite Installer. And deleting the folder you found the files in won't get rid of the virus, those files will soon be back.

davt100
05-06-2003, 06:13 PM
the person who originally posted this topic hasn't got norton set up properly, it should have stopped the download before it started as it did for me when i tried to download getright 5.5 which has this worm

Peaceplaya
05-07-2003, 01:13 AM
Wow, I thought I was the only one that had contracted this virus! :o I wasn't able to locate what file it came from, but am glad to know I was not crazy. My Norton Antivirus 2003 also detected it, whereas other antivirus programs missed it. Whew, I thought I was crazy, but I guess a little sanity still remains! ;) :rolleyes:

OlderThanDirt
05-07-2003, 02:32 AM
What's really hilarious is that, by putting malicious code in files, the RIAA didn't defeat an enemy. They merely created a new enemy ... the people who develop and market anti-viral software and firewalls. In order for them to maintain the integrity of their product, they'll be forced to upgrade AV/firewalls to meet the new threats.

Jibbler
05-07-2003, 03:10 AM
Originally posted by OlderThanDirt@6 May 2003 - 22:32
In order for them to maintain the integrity of their product, they'll be forced to upgrade AV/firewalls to meet the new threats.

Thus the cycle begins again. The ying/yang of filesharing. :)

fluff34567
05-07-2003, 08:36 PM
I personally think that Norton is a waste of time - I do a lot of work in the former USSR (where a lot of viruses emerge) and no company I have ever worked for uses Norton any more - it just doesn't pick up a lot of the viruses. I had a virus on one machine, I knew it was there, I did a NAV update, scanned and guess what - it never picked the virus up. This has happened a lot of times.

I would recommend using Kaspersky Lab, or the best one at the moment is called Dr.Web - recently voted number 1 in Russia BTW !!


Don't get me wrong, if Norton works for people and you're happy with it then fine, but just be aware it could be missing viruses that are there!

cheers

R :ph34r:

gripped
05-07-2003, 08:58 PM
Very rarely will any of the anti virus software available pick up non public trojans.

All executable downloads should be treated as suspect IMO.

RealitY
05-08-2003, 09:12 AM
Originally posted by OlderThanDirt@7 May 2003 - 03:32
What's really hilarious is that, by putting malicious code in files, the RIAA didn't defeat an enemy. They merely created a new enemy ... the people who develop and market anti-viral software and firewalls. In order for them to maintain the integrity of their product, they'll be forced to upgrade AV/firewalls to meet the new threats.

Well that's good for their business, hardly an enemy, nor do I believe they are responsible for this worm.

By the way, the file that will re-seed the virus into your computer and recreate the registry changes and shared folders as many times as you delete them is named Xms32.exe, which is placed as a hidden file in c:/windows/system directory. This file is created the moment you try to open one of the infected files, which appears to do nothing, and they are all labeled with small blue lettering that says "self extracting". This worm is very large as the file I downloaded had 774 sources.

ijc_2003
05-08-2003, 02:07 PM
yep this virus is everywhere, i checked out winrar 3.8 and guess what, over 100 users with this file lmfao
and the funny thing is there is no winrar 3.8 or even 3.3 so this virus intention is to cripple the network IMO
also when you search for things lots and lots of the same file just keep appearing so give it a few weeks and this will be massive blow to kazaa. the network is going to cripple, cant believe there is still thousands of people out there with no virus software or they're too stupid to update the god damn thing.

Wizzandabe
05-08-2003, 08:12 PM
i am its latest victim. I am on 98 and it copied it somewhere else i am doing a scan now.



ps i never had norton on

silverccrow
05-08-2003, 09:30 PM
:( WHY HackerS Love 2 CRACKS OUR PCS ???????? i REALLY HATE THAT KIND OF PEOPLE THEY DESERVE 2 DIE DIE DIE DIE IN MY HANDS !!!!!!! DO NOT SHARE VIRUSES !! SHARE ANIME IDIOTS !!!!!


SHARE IS THE VERY MEANING OF OUR LIVES °°°°°!!! KEEP SHARING ! :blink:

Night Ass
05-09-2003, 12:22 AM
http://members.iinet.net.au/~burdens/sig2.jpg