Backdoor.Win32.IRCBot.dt, Backdoor.Win32.IRCbot.dt, Generic.Sdbot.A026A9F7, IRC/BackDoor.SdBot.194.BO, W32/Downloader.C.gen!Eldorado, W32/IRCbot.gen.b, Net-Worm.Win32.Small.b
Category: Computer Worm
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
07 Feb 2005
W32.Wallz is a worm that exploits the Microsoft Windows Local Security Authority Service Remote Buffer Overflow described in Microsoft Security Bulletin MS04-011. The worm propagates by scanning random Internet Protocol addresses for PCs at risk from this threat. It affects Windows 95, Windows 2000, Windows 98, Windows NT, Windows Me, Windows XP and Windows Server 2003.
W32.Wallz Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Wallz from your computer.
More details about W32.Wallz
W32.Wallz is malware that was made with the intention of stealing personal information from your computer. It was written for all Windows operating systems. The program attempts to spread copies of itself on the local network and also to send W32.Wallz by email list. It scans random Internet Protocol addresses for at-risk computers and tries to exploit the Microsoft Windows Local Security Authority Service Remote Buffer Overflow over TCP port 445. Once the worm successfully exploits this vulnerability on a network device, it sends shellcode, which runs and creates a copy of the worm on that device. It also connects to an IRC server to log the Internet Protocol address of each successfully exploited PC.
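The scanning and IRC behaviour described above leaves a recognisable pattern in connection logs. The following detection example is added here and is not code from the original page or from any vendor: it flags hosts that contact many distinct addresses on TCP port 445 within a short window and lists any IRC servers they also reached. The log format, the threshold, the 60-second window and IRC port 6667 are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445        # TCP port named in the description above
IRC_PORTS = {6667}    # assumption: default IRC port; the page gives none
THRESHOLD = 5         # assumption: distinct 445 targets per window, tune locally
WINDOW = timedelta(seconds=60)

# Constructed sample: "timestamp src dst dst_port proto" (not real traffic)
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 198.51.100.7 445 tcp
2024-01-01T10:00:02 10.0.0.5 203.0.113.19 445 tcp
2024-01-01T10:00:04 10.0.0.5 192.0.2.201 445 tcp
2024-01-01T10:00:06 10.0.0.5 198.51.100.88 445 tcp
2024-01-01T10:00:08 10.0.0.5 192.0.2.14 445 tcp
2024-01-01T10:00:30 10.0.0.5 203.0.113.50 6667 tcp
2024-01-01T10:00:01 10.0.0.9 10.0.0.2 445 tcp
2024-01-01T10:00:40 10.0.0.9 10.0.0.3 445 tcp
truncated line 445
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4].lower() != "tcp":
            continue  # skip malformed or non-TCP records
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue  # bad timestamp or port

def find_suspects(text, threshold=THRESHOLD, window=WINDOW):
    """Return hosts reaching >= threshold distinct TCP 445 targets within one window."""
    smb, irc = defaultdict(list), defaultdict(set)
    for ts, src, dst, port in parse(text):
        if port == SMB_PORT:
            smb[src].append((ts, dst))
        elif port in IRC_PORTS:
            irc[src].add(dst)
    suspects = {}
    for src, events in smb.items():
        events.sort()
        peak = start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # slide the window forward
                start += 1
            peak = max(peak, len({d for _, d in events[start:end + 1]}))
        if peak >= threshold:
            suspects[src] = {"peak_fanout": peak, "irc_servers": sorted(irc[src])}
    return suspects
```

Counting distinct destinations rather than raw connections keeps a client that repeatedly talks to the same file server below the threshold.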
The W32.Wallz software may be spread via e-mail, instant messages, or IRC. Drive-by downloads, downloader programs, and file-sharing programs may also expose the user to this infection. Installed programs can be suddenly launched or closed. Other malicious software can also be downloaded from the remote server. These can be executed in the system and added to the system registry.