eScan : Secure – Scalable – Reliable : Antivirus, Content Security and Firewall Protection for Servers and Endpoints

eScan Wiki Forum

eScan Forum RSS

eScan Feeds

Home | Events | Bookmark | Recommend eScan | Technical Support

Our Vision | Management Profile | About us | Careers | News

Virus Information

Summary


Profile	Prevalence: Medium

Name	W32/Demotry-B
Type	Worm
How it spreads	Network Shares
Affected operating systems	Windows
Aliases	--
Date of surface	19 August 2005

Description

Recovery

You have to remove the virus. You need to do one of the following things:

1) The latest virus vaccine update of eScan removes the worm from your system. Ensure that Internet access for your system is running. Right click on

and click Download eScan update. The latest updates are downloaded,your system is scanned and the worm is removed.

OR

2) Download the free MicroWorld Anti Virus Toolkit (MWAV Tool Kit). The tool checks your machine for viruses. If any illegal dialers or sniffer tools have been installed they are detected.

MWAV Tool Kit
(Download the free MicroWorld Anti Virus Toolkit that detects viruses in system registry and running processes)

Link 1
Link 2
Link 3

eScan Internet Security Suite (ISS)
(Download MicroWorld`s eScan that detects viruses in system registry,running processes and has a real time monitor)

Link 1
Link 2
Link 3
Link 4
Link 5
Link 6

Advanced

This is a network worm for the Windows platform. The worm scans network computers on port 445.

W32/Demotry-B copies itself through network shares and mapped logical drives. In come cases, it inserts several spaces between the filename and the EXE file extension. Other filenames may be used by the worm which are randomly generated or include non-printable characters.

When first run W32/Demotry-B copies itself to:

\iexplorer .exe
"Windows"\iexplorer .exe
"System"\iexplorer .exe

The following registry entry is created to run "iexplorer .exe" on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ALG.EXE
"iexplorer .exe"

| More