W32.Pandem - patch

tasklist.org		A comprehensive list of processes running in your computer
		tasklist \| attachlist

bookmark this website!		total tasks: 16297

AttachList is a list of email attachment files that viruses usually send in email. It contains the attached file names, typical subjects and messages, the name of the viruses that send them, and instruction on how to remove these viruses.

most requested

Browse attachlist by file name:

| a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |

Name: W32.Pandem

Sender:

support@microsoft.com

Subject:

Another Victim Of Social Engineering (C)
Microsoft Security Bulletin
Yet another infected machine

Message:

I'm here to serve you!
Impact of vulnerability: Run code of an attacker's choice
"Important Security and Privacy Information"
Maximum Severity Rating: Critical
Recommendation: Customers using Microsoft Windows 95,98,2K,NT,ME,XP
should apply theattached update. (C)
Recommendation: Customers using Microsoft Windows 95,98,2K,ME,XP
should apply the patch immediately.
Unchecked Buffer in Windows Explorer Could Enable System Compromise
(329390)
Some web sites use unauthorized browser windows, Javascript, cookies,
even malicious filedownloads - without your permission.  Through these
vulnerabilities, your computer may beexposed to harmful internet
threats, and your web browsing can be tracked by unauthorizedthird
parties.
Summary
Who should read this bulletin: Customers using Microsoft Windows
95,98,2K,ME,XP
W32/Pandemonium
Your privacy and security may be compromised

Attachment:

patch.zip
patch_329390.exe
update.exe (C)
update.zip (C)

Comments: A internet worm that attempts to spread by email, through file-sharing applications,including KaZaA, Morpheus, eDonkey, Grokster, LimeWire, GNucleus, BearShare, Direct Connect,and ICQ. Sends a notification to its author when a host is infected and listens onport 61282 for a connection.

Symptoms:


 Displays a dialogue window entitled Security Patch 329390 and which
says Patching system ... wait 
 Adds the value: 
 "CPU Manager" = "%Windir%cpumgr.exe" 
 to the registry key: 
 HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun 
 and the value: 
 "Type"="High" 
 to the key: 
 HKEY_USERS.DEFAULTSoftwareMicrosoftWindows

Recommended Cleanup Software: We found that Easy SpyRemover is the most effective tool for removing this file.

Manual Removal Instructions: Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as W32.Pandem.B.Worm.
Delete the value that was added to the registry.