
The VBS Worm

There has been much talk of a worm in the Gnutella system. This worm is a self-replicating file that spreads itself through the Gnutella system.

What Does It Do?

  • You download the worm file, which carries a false name
  • You execute the worm file (the worm file has a *.vbs extension)
  • The worm replicates itself and writes more files without you knowing
  • These files are added to the shared files on Gnutella so that they can be downloaded from your computer

In this way the worm replicates and spreads itself through the Gnutella system.

What is a VBS file? - A VBS file is a Visual Basic Script file that will be run by the Microsoft Scripting Engine. It is executable code: like a program, it can access and modify data on your computer.

What are the file names for this worm? - The worm uses an array of names that are held within the script file itself. These names are:

  • "ASF Compressor (No quality loss).vbs"
  • "Gladiator.vbs"
  • "Battlefield Earth.vbs"
  • "Evangelion complete episodes scripts.vbs"
  • "Scan Master checklist.vbs"
  • "Alicia Silverstone.vbs"
  • "Pearl Jam.vbs"
  • "Mp3 compressor (Half the size but same quality).vbs"
  • "Napster Metallica Crack.vbs"
  • "Santana.vbs"
  • "NSync.vbs"
  • "Nirvana.mp3.vbs"
  • "Shania Twain.mp3.vbs"
  • "Jesus loves you.vbs"
  • "Gnutella upgrade.vbs"
  • "OFFICIAL Gnutella Option Pack.vbs"

There is a selection of other file names that were removed to keep this a clean site.

Will this worm harm my computer? - Not this particular worm, but worms and viruses that are easily spread with Gnutella may harm your computer.

How Can It Be Removed?

It can be removed fairly easily. It writes only a few files to your PC; once these are removed, the worm will stop spreading from your PC. The files you need to delete are:

  • "Yet another GWV! ('long number').zip" - in your Gnutella directory
  • All occurrences of files with a *.vbs filename in that directory.

You then need to open Gnutella and check the directories that you are sharing. The worm adds the Gnutella directory to the list, so remove that. Then check the file extensions list and remove all occurrences of "*.vbs;", which the worm has added to the list.
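
The removal checks above can be scripted. The following is an added example, not part of the original page: it only reports the files to delete and returns a cleaned extension list. The semicolon-separated list format, the set of media extensions, and the sample file names are assumptions.

```python
import os
import tempfile

# The page gives the archive name only as "Yet another GWV! ('long number').zip",
# so match the fixed prefix and the .zip suffix, not the number format.
ZIP_PREFIX = "yet another gwv!"
# Assumed set of media extensions a decoy name may imitate (e.g. "Nirvana.mp3.vbs").
MEDIA_EXTS = {".mp3", ".asf", ".avi", ".mpg"}

def find_worm_files(gnutella_dir):
    """Return sorted (filename, reason) pairs for files the page says to delete."""
    hits = []
    for name in os.listdir(gnutella_dir):
        if not os.path.isfile(os.path.join(gnutella_dir, name)):
            continue
        lower = name.lower()
        if lower.endswith(".vbs"):
            # Look at the extension hidden underneath the trailing ".vbs".
            inner_ext = os.path.splitext(lower[:-4])[1]
            if inner_ext in MEDIA_EXTS:
                hits.append((name, "vbs disguised as " + inner_ext))
            else:
                hits.append((name, "vbs script"))
        elif lower.startswith(ZIP_PREFIX) and lower.endswith(".zip"):
            hits.append((name, "worm archive"))
    return sorted(hits)

def clean_extension_list(ext_list):
    """Drop every *.vbs entry from a semicolon-separated extension list."""
    kept = [e.strip() for e in ext_list.split(";") if e.strip()]
    return ";".join(e for e in kept if e.lower().lstrip("*.") != "vbs")

def demo():
    """Run the scan on a constructed directory (all file names are samples)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ["Nirvana.mp3.vbs", "Gnutella upgrade.VBS",
                     "Yet another GWV! (12345678).zip", "holiday.mp3"]:
            open(os.path.join(d, name), "w").close()
        return find_worm_files(d)

if __name__ == "__main__":
    for name, reason in demo():
        print(f"delete: {name}  [{reason}]")
    print("extensions:", clean_extension_list("mp3;avi;*.vbs;zip"))
```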

Precautions to Take

As with any file sharing application, you should not execute programs whose origin you don't know. Just because the filename says it is one thing doesn't mean it is. Nasty viruses could be spread easily. Only download harmless file types and virus check all downloads.


© Jamie McHale 1998 - 2000 - http://www.btinternet.com/~wildfire/