Choose Your Language:
International
Login
CodeRed Detection and Removal Tool 1.0.0.115
-
License:
Freeware
-
Latest Version:
1.0.0.115
-
Editors' Review:
Not yet reviewed
-
Updated:
Mar 19, 2010
- Publisher:
-
Platform:
Windows
- Category:
- Subcategory:
-
File size:
0.03 Mb
-
Downloads:
227
Author's Description
CodeRed Detection and Removal Tool - Effective way of erasing the CodeRed malware
A simple and effective way of erasing the CodeRed malware
CodeRed Detection and Removal Tool is a lightweight utility that targets the Win32.IISWorm.CodeRed.F worm.
The virus exploits a buffer overflow vulnerability in the Microsoft Windows IIS Server, that runs on Microsoft Windows NT and Windows 2000. The patch and information about this problem can be found at the address:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
The worm begins spreading itself by sending HTTP queries. Unpatched machines will execute the worm code directly from memory. Once executed, the worm scans kernel32.dll 's export table for the GetProcAddress function and then finds the addresses of the functions needed for further spreading. It then exploits yet another bug in Microsoft Windows, the relative shell path vulnerability.
This particular vulnerability is used to load another shell program instead of the usual explorer.exe (found in %WINDIR%) by writing a file named explorer.exe in the %SYSTEMROOT% directory. The worm checks whether Chinese (either Traditional or Simplified) is the language installed on the system. If it is Chinese, it creates 600 threads and spreads for 48hours. On a non-Chinese system it creates 300 threads and spreads for 24 hours.
After that, it reboots the system using ExitWindowEx function. The worm dumps part of its body to %SYSTEMROOT%explorer.exe, which is in fact a trojan component, allowing the attacker to remotely access the infected computers.
The trojan component modifies the registry key:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable]
to disable file system security and allows a remote attacker to access drives C: and D: via a web browser by adding read/write rights using the registry key:
[HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots]
A simple and effective way of erasing the CodeRed malware
CodeRed Detection and Removal Tool is a lightweight utility that targets the Win32.IISWorm.CodeRed.F worm.
The virus exploits a buffer overflow vulnerability in the Microsoft Windows IIS Server, that runs on Microsoft Windows NT and Windows 2000. The patch and information about this problem can be found at the address:
http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
The worm begins spreading itself by sending HTTP queries. Unpatched machines will execute the worm code directly from memory. Once executed, the worm scans kernel32.dll 's export table for the GetProcAddress function and then finds the addresses of the functions needed for further spreading. It then exploits yet another bug in Microsoft Windows, the relative shell path vulnerability.
This particular vulnerability is used to load another shell program instead of the usual explorer.exe (found in %WINDIR%) by writing a file named explorer.exe in the %SYSTEMROOT% directory. The worm checks whether Chinese (either Traditional or Simplified) is the language installed on the system. If it is Chinese, it creates 600 threads and spreads for 48hours. On a non-Chinese system it creates 300 threads and spreads for 24 hours.
After that, it reboots the system using ExitWindowEx function. The worm dumps part of its body to %SYSTEMROOT%explorer.exe, which is in fact a trojan component, allowing the attacker to remotely access the infected computers.
The trojan component modifies the registry key:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable]
to disable file system security and allows a remote attacker to access drives C: and D: via a web browser by adding read/write rights using the registry key:
[HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots]
CodeRed Detection and Removal Tool 1.0.0.115 is licensed as Freeware for the Windows operating system / platform. CodeRed Detection and Removal Tool is provided as a free download for all software users (Freeware).
User Reviews (0)
No reviews yet, be the first to add a review and we'll give you some extra points.
Related Searches
Download Notice
CodeRed Detection and Removal Tool is periodically updated by FileCluster but you may encounter situations when the software informations are slightly out-of-date, the developer can modify this product without notifying us. Version [1.0.0.115] is currently the latest updated version of the software.
Any form of support or software problems will be addressd directly to its developers, SOFTWIN. Please be aware that we do NOT provide CodeRed Detection and Removal Tool cracks, serial numbers, registration codes or any forms of pirated software downloads.
Any form of support or software problems will be addressd directly to its developers, SOFTWIN. Please be aware that we do NOT provide CodeRed Detection and Removal Tool cracks, serial numbers, registration codes or any forms of pirated software downloads.
Related Software
BitDefender Internet Security 2013 Build 16.29.0.1830
Application that offers complete protection
Application that offers complete protection
10 / 2,385
F-Secure Easy Clean 2.0.18360.26
Freeware utility that will help you detect and remove malware from an infected computer.
Freeware utility that will help you detect and remove malware from an infected computer.
7 / 532
Quick Heal AntiVirus Pro 2013 14.00 (7.0.0.1)
Antivirus AntiSpyware Antimalware AntiRoot protection in one.
Antivirus AntiSpyware Antimalware AntiRoot protection in one.
24 / 4,664
Hot Software
AVG Anti-Virus Free Edition 2013 Build 3343a6324
Good free antivirus solution
Software
Latest Reviews
Notezilla: Your endless pile of desktop sticky notes
Let’s face it: using paper sticky notes to remember things is something that lots of people do. Sadly, when their number ge...
MyPC plus: Easy access to system information and control
System information is often needed by IT professionals but also by regular home users. It doesn’t matter how advanced your ...
HidesFiles: Cloak confidential data from prying eyes
For the delicate situations in which you need to protect sensitive or personal data stored on a shared computer, or you just ...
Logon Editor: Set any image as your Windows logon screen background
With Logon Editor, Windows 7 users no longer have to see the same background in their logon screen. Since customizing it is n...
UltraSurf: Ultra anonymity, worry-free Web surfing
Online privacy is highly valued, although it cannot be achieved without using a proxy application or performing related setti...
Driver Fusion: Straightforward management of system drivers
Just like program leftovers, junk files and hard disk fragmentation, drivers can also cause their own series of errors and pe...
GOM Audio: Small player, great potential
There’s no shortage of audio players these days: even free ones offer solid sets of features and attractive UIs. However, c...
View All Reviews
