Virus Hybris
Hybris is a worm that spreads by email as an attachment to outgoing email messages.
When the worm attachment is executed, it infects Wsock32.dll. Once Wsock32.dll is infected, the worm can monitor the Internet connection as well as incoming and outgoing email traffic. The worm then scans for email addresses. When an email address is detected, whether on an Internet site or in email being sent or received, the worm sends an infected message to that address. Whenever you send email, the worm sends a second message to the same recipient, attaching a copy of itself under a randomly generated file name.
If your computer was infected with Hybris, you should replace Wsock32.dll with a copy from the original OS package.
The worm attempts to connect to a certain website to upload and download its own plug-ins. One of the plug-ins generates a spiral image: upon execution, it draws a large black and white spiral. The worm also has a plug-in that infects executable programs. The virus code creates a temporary file with an .exe extension in the TEMP folder, executes it, and then deletes it.
The worm adds a registry entry to one of the following subkeys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This enables the worm to run at every Windows startup.
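A read-only triage check for the two artifacts described above, added here as an example and not part of the original write-up: it lists every value under the two RunOnce subkeys with the file each one points to, and reports the hash and signature status of Wsock32.dll. The function names are hypothetical, and the System32 location of Wsock32.dll is an assumption about the machine being checked.

```powershell
# Added example, not from the original write-up. Read-only: nothing is modified.
# The two RunOnce subkeys are the ones the write-up names.
$runOnceKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunOnceEntry {
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            # Take the program path from the command line: quoted form first,
            # otherwise the first whitespace-separated token (unquoted paths
            # containing spaces will be cut short and show Exists = False).
            if ($command -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            else { $target = ($command.Trim() -split '\s+')[0] }
            $target = [Environment]::ExpandEnvironmentVariables($target)
            $exists = [bool]$target -and (Test-Path -LiteralPath $target -PathType Leaf)
            $sha256 = $null
            if ($exists) { $sha256 = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash }
            [pscustomobject]@{
                Key = $path; ValueName = $name; Command = $command
                Target = $target; Exists = $exists; SHA256 = $sha256
            }
        }
    }
}

function Get-WinsockDllInfo {
    # Assumption: Wsock32.dll lives in System32 on the machine being checked.
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\wsock32.dll'))
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    [pscustomobject]@{
        Path      = $file.FullName
        Length    = $file.Length
        Modified  = $file.LastWriteTimeUtc
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

Get-RunOnceEntry -KeyPath $runOnceKeys | Format-List
Get-WinsockDllInfo | Format-List
```

Compare the reported SHA256 of Wsock32.dll with that of a copy taken from the original OS package; a mismatch means the file should be replaced as described above.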
© Copyright 2000-2008 AnVir Software. All Rights Reserved.