Choose Your Language:
International
Login
CodeRed Detection and Removal Tool 1.0.0.115
-
License:
Freeware
-
Latest Version:
1.0.0.115
-
Editors' Review:
Not yet reviewed
-
Updated:
Mar 19, 2010
- Publisher:
-
Platform:
Windows
- Category:
- Subcategory:
-
File size:
0.03 Mb
-
Downloads:
175
CodeRed Detection and Removal Tool Description
CodeRed Detection and Removal Tool - Effective way of erasing the CodeRed malware
A simple and effective way of erasing the CodeRed malware
CodeRed Detection and Removal Tool is a lightweight utility that targets the Win32.IISWorm.CodeRed.F worm.
The virus exploits a buffer overflow vulnerability in the Microsoft Windows IIS Server, that runs on Microsoft Windows NT and Windows 2000. The patch and information about this problem can be found at the address:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
The worm begins spreading itself by sending HTTP queries. Unpatched machines will execute the worm code directly from memory. Once executed, the worm scans kernel32.dll 's export table for the GetProcAddress function and then finds the addresses of the functions needed for further spreading. It then exploits yet another bug in Microsoft Windows, the relative shell path vulnerability.
This particular vulnerability is used to load another shell program instead of the usual explorer.exe (found in %WINDIR%) by writing a file named explorer.exe in the %SYSTEMROOT% directory. The worm checks whether Chinese (either Traditional or Simplified) is the language installed on the system. If it is Chinese, it creates 600 threads and spreads for 48hours. On a non-Chinese system it creates 300 threads and spreads for 24 hours.
After that, it reboots the system using ExitWindowEx function. The worm dumps part of its body to %SYSTEMROOT%explorer.exe, which is in fact a trojan component, allowing the attacker to remotely access the infected computers.
The trojan component modifies the registry key:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable]
to disable file system security and allows a remote attacker to access drives C: and D: via a web browser by adding read/write rights using the registry key:
[HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots]
A simple and effective way of erasing the CodeRed malware
CodeRed Detection and Removal Tool is a lightweight utility that targets the Win32.IISWorm.CodeRed.F worm.
The virus exploits a buffer overflow vulnerability in the Microsoft Windows IIS Server, that runs on Microsoft Windows NT and Windows 2000. The patch and information about this problem can be found at the address:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
The worm begins spreading itself by sending HTTP queries. Unpatched machines will execute the worm code directly from memory. Once executed, the worm scans kernel32.dll 's export table for the GetProcAddress function and then finds the addresses of the functions needed for further spreading. It then exploits yet another bug in Microsoft Windows, the relative shell path vulnerability.
This particular vulnerability is used to load another shell program instead of the usual explorer.exe (found in %WINDIR%) by writing a file named explorer.exe in the %SYSTEMROOT% directory. The worm checks whether Chinese (either Traditional or Simplified) is the language installed on the system. If it is Chinese, it creates 600 threads and spreads for 48hours. On a non-Chinese system it creates 300 threads and spreads for 24 hours.
After that, it reboots the system using ExitWindowEx function. The worm dumps part of its body to %SYSTEMROOT%explorer.exe, which is in fact a trojan component, allowing the attacker to remotely access the infected computers.
The trojan component modifies the registry key:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable]
to disable file system security and allows a remote attacker to access drives C: and D: via a web browser by adding read/write rights using the registry key:
[HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots]
CodeRed Detection and Removal Tool 1.0.0.115 is licensed as Freeware for the Windows operating system / platform. CodeRed Detection and Removal Tool is provided as a free download for all software users (Freeware).
CodeRed Detection and Removal Tool User Reviews (0)
No reviews yet, be the first to add a review and we'll give you some extra points.
CodeRed Detection and Removal Tool Related Searches
CodeRed Detection and Removal Tool Download Notice
CodeRed Detection and Removal Tool is periodically updated by FileCluster but you may encounter situations when the software informations are slightly out-of-date, the producers of CodeRed Detection and Removal Tool can modify the product without notifying us. CodeRed Detection and Removal Tool 1.0.0.115 is currently the last updated version of the software. All rights for CodeRed Detection and Removal Tool are belong to the developer, SOFTWIN.
Any form of support or software problems regarding CodeRed Detection and Removal Tool will be addressd to its developers. Please be aware that we do NOT provide CodeRed Detection and Removal Tool cracks, serial numbers, registration codes or any forms of pirated software downloads.
Any form of support or software problems regarding CodeRed Detection and Removal Tool will be addressd to its developers. Please be aware that we do NOT provide CodeRed Detection and Removal Tool cracks, serial numbers, registration codes or any forms of pirated software downloads.
CodeRed Detection and Removal Tool Related Software
Hot Software
AVG Anti-Virus Free Edition 2012 12.0 Build 2176a4990
Good free antivirus solution
Software
Latest Reviews
Process Explorer: Knowledge is power
There are times when the Windows default tools are just not enough. Even if most of them have been designed for beginner to i...
BitDefender Total Security: All the protection you need with extras
Bitdefender security software has a well-established name in the related industry and Total Security – a step up from t...
Auslogics Registry Cleaner: Cure your computer in 2 clicks
A fresh reinstall of the operating system is apparently the most popular solution when computers begin to have serious perfor...
Win7codecs: Multimedia playback in a snap
The vast majority of media players depend on codecs to render multimedia files so as a Windows user having a codec package in...
Trillian: The multi-IM adventure
Trillian is currently one of the most versatile chat clients available and its primary goal is to make your life easier. Supp...
Ad-Aware Free Internet Security: Always aware of threats
The increasing success of internet security suites is reflecting also on free software not just on the commercial products....
Free IP Scanner: Simple, efficient, out-of-the-box
Expert or not, if you find yourself needing to administrate your network (even a home one) a vital part of this process consi...
View All Reviews
