Content
W32/Cozit.worm
- Type
- Virus
- SubType
- P2P Worm
- Discovery Date
- 10/14/2002
- Length
- 48,640
- Minimum DAT
- 4230 (10/23/2002)
- Updated DAT
- 4346 (03/31/2004)
- Minimum Engine
- 5.1.00
- Description Added
- 10/24/2002
- Description Modified
- 10/24/2002 5:07 PM (PT)
Tab Navigation
Characteristics
This is a KaZaa peer-to-peer file sharing network worm. When run, it displays a fake Windows error message box with warning text "This file is not a valid Win32 application." The worm copies itself to Windows directory as Svchost.exe. It creates the following registry entry to be able to run at Windows start up:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Svchost" = "c:\windows\svchost.exe"
\KAZAA\LocalContent\DisableSharing to be 0 to enable file sharing. Then the worm copies itself to KaZaa download folder as one of the following:
- Unreal 3 Patch.exe
- UnrealTournament2003 Demo.exe
- UnrealTournament2003 Patch.exe
- UnrealTournament2003 Bugfix.exe
- UnrealTournament2003 Crack.exe
- UnrealTournament2003 Cheat.exe
- Unreal 3 Crack.exe
- Unreal 3 Bugfix.exe
- Unreal 3 Cheat.exe
- UT2003 Demo.exe
- UT2003 Patch.exe
- UT2003 Bugfix.exe
- UT Patch.exe
- Free Sex.exe
- Sex Poker.exe
- Wc3 Keygen.exe
- Free Porn.exe
- Wet Teen.exe
- Pamela Andersson Sex.exe
- X-Files.exe
- Serials.exe
- Teens.exe
- Naughty Pictures.exe
- WinZip.exe
- AOL Hacker.exe
- AOL Cracker.exe
- Hotmail Hacker.exe
- Hotmail Cracker.exe
- Hacker.exe
- Spiderman.exe
- Lolitas.exe
- DC Hacker.exe
- DC Cracker.exe
- DC Cheater.exe
- DC++ Cracker.exe
- DC++ Cheater.exe
- DC++ Hacker.exe
- DC++ Faker.exe
- DC++ Fakeshare.exe
- ICQ Hacker.exe
- ICQ Cracker.exe
- ICQ Nuker.exe
- Nuker.exe
- WinNuke.exe
- Backdoor.exe
- Trojan.exe
- AD Remover.exe
- Jet Li.avi.exe
- DivX 5 Codecs.exe
- SVCD Codecs.exe
- Divx Player.exe
- ICMP Nuke.exe
- WinZip crack.exe
- Naked Girls.exe
- KaZaA.exe
- Optimize your bandwidth.exe
- Getright.exe
- Serialz.exe
- ScreenSaver.exe
- Crack.exe
- Jennifer Lopez Sex.exe
- Warcraft 3 Patch.exe
- Warcraft 3 Bugfix.exe
- Warcraft 3 Cheat.exe
- Warcraft 3 Serial.exe
- Counter-Strike Keygen.exe
- Counter-Strike Patch.exe
- Counter-Strike Cheats.exe
- Getright Keygen.exe
- Warcraft 3 Keygen.exe
Symptoms
Existence of file svchost.exe in the Windows directory, and the registry run key.
Method of Infection
The worm spreads via KaZaa peer-to-peer network.
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants
Variants
N/A
All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Aliases
- W32.HLLW.Cozit (Symantec)
- Win32.Cozit.A (CA)
- Worm.P2P.Cozit (AVP)
Characteristics
Characteristics -
This is a KaZaa peer-to-peer file sharing network worm. When run, it displays a fake Windows error message box with warning text "This file is not a valid Win32 application." The worm copies itself to Windows directory as Svchost.exe. It creates the following registry entry to be able to run at Windows start up:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Svchost" = "c:\windows\svchost.exe"
\KAZAA\LocalContent\DisableSharing to be 0 to enable file sharing. Then the worm copies itself to KaZaa download folder as one of the following:
- Unreal 3 Patch.exe
- UnrealTournament2003 Demo.exe
- UnrealTournament2003 Patch.exe
- UnrealTournament2003 Bugfix.exe
- UnrealTournament2003 Crack.exe
- UnrealTournament2003 Cheat.exe
- Unreal 3 Crack.exe
- Unreal 3 Bugfix.exe
- Unreal 3 Cheat.exe
- UT2003 Demo.exe
- UT2003 Patch.exe
- UT2003 Bugfix.exe
- UT Patch.exe
- Free Sex.exe
- Sex Poker.exe
- Wc3 Keygen.exe
- Free Porn.exe
- Wet Teen.exe
- Pamela Andersson Sex.exe
- X-Files.exe
- Serials.exe
- Teens.exe
- Naughty Pictures.exe
- WinZip.exe
- AOL Hacker.exe
- AOL Cracker.exe
- Hotmail Hacker.exe
- Hotmail Cracker.exe
- Hacker.exe
- Spiderman.exe
- Lolitas.exe
- DC Hacker.exe
- DC Cracker.exe
- DC Cheater.exe
- DC++ Cracker.exe
- DC++ Cheater.exe
- DC++ Hacker.exe
- DC++ Faker.exe
- DC++ Fakeshare.exe
- ICQ Hacker.exe
- ICQ Cracker.exe
- ICQ Nuker.exe
- Nuker.exe
- WinNuke.exe
- Backdoor.exe
- Trojan.exe
- AD Remover.exe
- Jet Li.avi.exe
- DivX 5 Codecs.exe
- SVCD Codecs.exe
- Divx Player.exe
- ICMP Nuke.exe
- WinZip crack.exe
- Naked Girls.exe
- KaZaA.exe
- Optimize your bandwidth.exe
- Getright.exe
- Serialz.exe
- ScreenSaver.exe
- Crack.exe
- Jennifer Lopez Sex.exe
- Warcraft 3 Patch.exe
- Warcraft 3 Bugfix.exe
- Warcraft 3 Cheat.exe
- Warcraft 3 Serial.exe
- Counter-Strike Keygen.exe
- Counter-Strike Patch.exe
- Counter-Strike Cheats.exe
- Getright Keygen.exe
- Warcraft 3 Keygen.exe
Symptoms
Symptoms -
Existence of file svchost.exe in the Windows directory, and the registry run key.
Method of Infection
Method of Infection -
The worm spreads via KaZaa peer-to-peer network.
Removal -
Removal -
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
