XBlock By Actiance - Home
Someone Spying on You? Fight Back!
Currently Notice: Undefined variable: incprefix in /data/www/xblock/product_show.php on line 123 25,860,543 Spy Software Busted!
Full Name:
Type: Worm
Also Known As: Win32.Banish.A [Computer Associates], Email-Worm.Win32.Banish.{a, b} [Kaspersky Lab], W32/Banish.worm [McAfee], W32/Multie@MM [McAfee], W32/Banish-A [Sophos], WORM_BANISH.A [Trend Micro]
Danger Level: 7
Category Description: Virus-like program that spreads automatically to other computers by sending itself out by email or by any other means. A program that propagates itself by attacking other machines and copying itself to the affected machine.

Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.
Comment: A modified variant of Banish.A worm that attempts to block security sites with various IP filters.

Creates or modifies the following Keys

DeviceDesc Created IP Traffic Filter Driver
ClassGUID Created {8ECC055D-047F-11D1-A537-0000F8753ED1}
Class Created LegacyDriver
ConfigFlags Created 0
Legacy Created 1
Service Created IpFilterDriver


New Value: IpFilterDriver
New Value: 0

Value Name: key2 = C:\WINDOWS\system32\winlog.exe

Adds two files to the OS:

Back to the list of products removed by X-Cleaner

© Copyright 2003-2011, Actiance, Inc. All rights reserved.   Privacy Policy