|
Title: Feebs.b
Type: Worms
Remove Feebs.b. Removal instructions
Severity scale:
 (70 / 100)
Once executed, Feebs.b displays a fake logon prompt, installs itself to the system and runs a spreading routine. The worm sends malicious letters to all the addresses it find on the compromised computer. It also creates infected files with meaningful names in shared folders of installed peer-to-peer programs. The parasite's payload is comprised of several harmful functions. Feebs.b collects user sensitive information including various passwords, account details and e-mail addresses, and uploads it to a predetermined FTP server. The worm terminates running antiviruses, firewalls and other security-related programs and prevents them from running on system startup. It also cripples and disables most system services and shuts down the Windows Firewall. Furthermore, Feebs.b may run a hidden web server used to spread the infection. The parasite uses an integrated rootkit component, which injects malicious code into all active processes in order to block access to the worm's files. Feebs.b automatically runs on every Windows startup. Related files: command.exe, ms[X1].exe, ms[X2]32.dll, ms[X3], userinit.exe Feebs.b properties: • Sends out logs by FTP or email • Connects itself to the internet • Hides from the user • Stays resident in background Automatic Feebs.b removal: 
We are testing STOPzilla's efficiency at removing Feebs.b
(2007-04-24 07:01:52)
We are testing Malwarebytes Anti Malware's efficiency at removing Feebs.b
(2007-04-24 07:01:52)
We are testing Spyware Doctor's efficiency at removing Feebs.b
(2007-04-24 07:01:52)
Feebs.b manual removal:Kill processes:command.exe, ms[X1].exe Delete registry values: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\[filename] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3} HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0 HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsFirewallStandardProfile\EnableFirewall=0 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\web=[site address] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS[X4] HKLM\SOFTWARE\Microsoft\MSGW Unregister DLLs: ms[X2]32.dll Delete files: command.exe, ms[X1].exe, ms[X2]32.dll, ms[X3], userinit.exe Misc: [X1], [X2], [X3] and [X4] are four different strings comprised of random characters. [site address] is an address of a web site on the popcapfree.t35.com domain. Filenames may vary. Feebs.b creates randomly named registry keys. Exact file location: command.exe - C: and C:\Documents and Settings\All Users\Start Menu\Programs\Startup ms[X1].exe, ms[X2]32.dll, ms[X3] - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32 Feebs.b drops its copies as several malicious *.zip files. The files can be named after the following: winamp_7_new!_full+crack.zip DivX_8.0_new!_full+crack.zip Internet_Explorer_7_new!_full+crack.zip ICQ_2007_new!_full+crack.zip Ahead_Nero_8_new!_full+crack.zip Microsoft_Office_2006_new!_full+crack.zip Kazaa_4_new!_full+crack.zip Vista_Final_new!_full+crack.zip 
Information added: 2005-12-25 06:51:33
Information updated: 2007-04-24 04:24:37 Additional resources related to Feebs.b:Attention: If you know or you have a website or page about Feebs.b removal, feel free to add a link to this list: add url |
Latest spyware news:
Subscribe to news
Similar parasites:
|
FORUM:
HELP:
Spreading the knowledge:
It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your
visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
Post Comment: