The Mogi virus spreads invisibly over file-sharing networks

The Mogi worm specializes in spreading on file-sharing networks and tries to become invisible on infected computers through its rootkit function.

One of the worst features of the Mogi worm is that it also has so-called rootkit capabilities that try to hide its files as thoroughly as possible, so removing it is often not an easy task. The worm reaches computers primarily through file-sharing networks. After infection, it launches distributed denial-of-service attacks against predefined websites.

When the Mogi worm starts, it can perform the following actions:

1. Copies itself to the Windows System directory.

2. Adds the value
"Services" = "iexplore.exe"
to the following registry key so that it starts with Windows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

3. Creates a mutex named "iexplore" so that only one instance of the worm runs at a time on an infected computer.

4. Tries to terminate processes belonging to security software.

5. Creates the following files:
%System%\ath.exe
%System%\balyoz.exe
%System%\bomba.exe
%System%\bonk.exe
%System%\jolt2.exe
%System%\kod.exe
%System%\sin.exe
%System%\suf.exe
%System%\syn.exe
%System%\smurf.exe

6. Copies a file named covert.dll to the Windows System directory. This file provides the rootkit functionality; its main purpose is to hide the files created in the previous step.

7. Tries to infect as many running processes as possible.

8. Initiates denial-of-service attacks against predefined websites.

9. Copies itself into the shared directories used by file-sharing software under the following file names:
Dragon_NaturallySpeaking_xp.exe
norton_2004_setup.exe
multi_password_cracker.exe
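For administrators who want to check a suspect machine, the following PowerShell script is an added example (not part of the original article or of any vendor tool) that looks for the host indicators listed above: the Run-key value, the dropped files and covert.dll in the System directory, and the "iexplore" mutex. It assumes a Windows host with PowerShell running in an elevated session; the script only reports, it does not remove anything.

```powershell
# Added example: host check for the Mogi indicators described on this page.
# Run from an elevated PowerShell prompt. Exit code 0 = nothing found, 1 = at least one indicator.
$findings = @()

# 1. Persistence: the "Services" value under HKLM\...\Run pointing at iexplore.exe
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).Services
if ($runValue -and $runValue -match 'iexplore\.exe') {
    $findings += "Run key value 'Services' = '$runValue'"
}

# 2. Dropped files in %System% (the ten tools from the page plus the rootkit DLL)
$sysDir  = [Environment]::GetFolderPath('System')
$dropped = 'ath.exe','balyoz.exe','bomba.exe','bonk.exe','jolt2.exe',
           'kod.exe','sin.exe','suf.exe','syn.exe','smurf.exe','covert.dll'
foreach ($name in $dropped) {
    $path = Join-Path $sysDir $name
    # Caveat: covert.dll hides these files from normal Win32 directory listings, and
    # Test-Path uses the same APIs, so a negative result here does not prove absence.
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# 3. Infection marker: the named mutex "iexplore" (checked in the current session's Local namespace)
try {
    $m = [System.Threading.Mutex]::OpenExisting('iexplore')
    $m.Dispose()
    $findings += "Mutex 'iexplore' exists"
} catch [System.Threading.WaitHandleCannotBeOpenedException] {
    # Mutex not present: the expected result on a clean host
} catch [System.UnauthorizedAccessException] {
    # The mutex exists but belongs to another security context; still worth reporting
    $findings += "Mutex 'iexplore' exists (access denied when opening it)"
}

if ($findings.Count -eq 0) { 'No Mogi indicators found'; exit 0 }
$findings | ForEach-Object { "INDICATOR: $_" }
exit 1
```

Because the rootkit component can hide files from the running system, a clean result should be confirmed by scanning the disk offline (for example from rescue media) before the machine is trusted again.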