SpywareGuide powered by Actiance Security Labs
Full Name: Banish.B@mm
Type: Worm
Also Known as: Win32.Banish.A [Computer Associates], Email-Worm.Win32.Banish.{a, b} [Kaspersky Lab], W32/Banish.worm [McAfee], W32/Multie@MM [McAfee], W32/Banish-A [Sophos], WORM_BANISH.A [Trend Micro]
SG Index: 7
Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

Worms have self-replicating code that travels from machine to machine by various means. A worm's first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment: A modified variant of the Banish.A worm that attempts to block security sites with various IP filters.

Creates or modifies the following keys:

\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\
DeviceDesc Created IP Traffic Filter Driver
ClassGUID Created {8ECC055D-047F-11D1-A537-0000F8753ED1}
Class Created LegacyDriver
ConfigFlags Created 0
Legacy Created 1
Service Created IpFilterDriver

\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\

\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control\
New Value: IpFilterDriver
New Value: 0

Modifies:
\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Value Name: key2 = C:\WINDOWS\system32\winlog.exe

Adds two files to the OS:
winlog.exe
winlog.dll
   
Properties:
  •  Adds other software
  •  Allows remote control
  •  Autostarts/Stays Resident
  •  Connects to the internet
  •  Stealth Tactics

© Copyright 2003-2011, Actiance, Inc. All rights reserved.