Harry Potter is a worm

He is also, of course, the protagonist of the most popular fantasy story.

A worm called Hairy.A uses the popular hero to facilitate its spread. The worm makes an unfocused change to the Windows registry and disables the task manager as well as the registry manager.

A securityport.hu performs the following operations as described:

1. Create the following files:
% SystemDrive% \ Documents and Settings \ All Users \ Desktop \ HarryPotter-TheDeathlyHallows.exe
% Windir% \ Cache \ HarryPotter-TheDeathlyHallows.exe
% Windir% \ Tempt \ talk.bat
% SystemDrive% \ harry potter.txt
% SystemDrive% \ HarryPotter-TheDeathlyHallows.doc

2. Add the following entry to the registration database:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”talk” = “C:\WINDOWS\Tempt\talk.bat”

3. Modify the following entries in the registration database:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main”Window Title” = “JK Rowling Owns You”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”NoFolderOptions” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”NoViewContextMenu” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”NoShellSearchButton” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”NoFind” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”NoRun” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer”HideClock” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVe rsion\Policies\Explorer”NoTrayContextMenu” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVe rsion\Policies\Explorer”NoTrayItemsDisplay” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentV ersion\policies\Explorer”NoViewContextMenu” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentV ersion\Explorer\Advanced\Folder\Hidden\SHOWALL”CheckedVal ue” = “0”

4. Modify the following entries in the registration database:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentV ersion\policies\system”DisableTaskMgr” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System”DisableTaskMgr” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System”DisableRegistryTools” = “1”
HKEY_LOCAL_MACHINE\SYSTEM\Services\CurrentControlSet\S ervices\SharedAccess\Parameters\FirewallPolicy\StandardPro file”EnableFirewall” = “0”
HKEY_LOCAL_MACHINE\SYSTEM\Services\CurrentControlSet\S ervices\SharedAccess\Parameters\FirewallPolicy\StandardPro file”DoNotAllowExceptions” = “0”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore”DisableSR” = “1”

These make the Windows Task Manager, system recovery features, the registry editor, and Windows Firewall inaccessible.

5. Modify the following entries in the registration database:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main”Start Page” = “[http://]www.amazon.com/Putter-Chamber-Cheesecakes-Timoth y-ODonnell/dp/1411606884/ref=pd_bbs_sr_2_s9_rk/104-50558 [R EMOVED]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main”Start Page” = “[http://]www.amazon.com/Putter-Chamber-Cheesecakes-Timoth y-ODonnell/dp/1411606884/ref=pd_bbs_sr_2_s9_rk/104-50558 [R EMOVED]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion”RegisteredOwner” = “Harry Potter”
HKEY_LOCAL_MACHINE\SYSTEM\Services\CurrentControlSet\Services\sr”Start” = “4”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion”ProductId” = “HARRY-POT-TERHATE-SYOU1”

6. Opens the HarryPotter-TheDeathlyHallows.doc file on the system drive, which contains the following text:
Harry Potter is dead too.

7. It displays a message box with the title “read and repent” with the following text:
“The end is near
repent from your evil ways O Ye folks
lest you burn in hell… JK Rowling especially ”

8. Copy the following files to each local and removable drive:
[drive letter]: \ HarryPotter-TheDeathlyHallows.exe
[drive letter]: \ autorun.inf

9. Deletes scheduled tasks and submits your own tasks instead.

10. Create the following user accounts:
Harry Potter
Ron Weasley
Hermione Granger
Each new user account is provided with a password of "1254".

11. The worm restarts the computer.

Reading: 2 631

Featured

BlitzHome BH-CDW1, the smart, portable, desktop dishwasher, is on sale again

Featured

BLITZWILL BWL-FL-0001 - Showy floor lamp with a 10 discount

Somoreal SM-OLT9 - we add wings to our lamps

Both BlitzWill ceiling lights are on sale this week

BlitzWolf BW-SX31 wireless microphone at a Black Friday price

Featured

Is this a joke? Xiaomi self-emptying robot vacuum cleaner for HUF 93?

Featured

XIAOMI AtuMan DUKA E2 - budget-friendly electric screwdriver

Xiaomi sales for smart homes

Xiaomi Redmi AX5400 - another new WiFi 6 router from Xiaomi

Xiaomi Redmi AX6000 - new WiFi 6 router from Xiaomi

Harry Potter is a worm

About the Author

Clingers

BuyBestGear

ranvee

G6.hu

Featured

BlitzHome BH-CDW1, the smart, portable, desktop dishwasher, is on sale again

Featured

BLITZWILL BWL-FL-0001 - Showy floor lamp with a 10 discount

Featured

Is this a joke? Xiaomi self-emptying robot vacuum cleaner for HUF 93?

Featured

XIAOMI AtuMan DUKA E2 - budget-friendly electric screwdriver

Harry Potter is a worm

About the Author

Related posts

BuyBestGear

ranvee