
The Fubalca worm downloads malware

The Fubalca.E worm spreads primarily through removable storage devices and downloads various malicious programs over the Internet.

The Fubalca.E worm copies itself to all writable drives on infected computers. The malware also configures the system so that removable storage devices are run automatically (AutoRun) when they are reconnected.

Fubalca.E creates a service called “WindowsDown” and then tries to hide behind the svchost.exe file. After that, it downloads files from predefined remote servers, which are saved in the Windows System directory.

When the Fubalca.E worm starts, it performs the following actions:

1. Create the following file:
%System%\servet.exe

2. Modify the following entry in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoDriveTypeAutoRun" = "0"

3. Create an AutoRun.inf file in the root directory of each writable drive

4. Change the system date to January 12, 1981 if the %System%\drivers\klick.sys file exists.

5. Create a service called “WindowsDown”.

6. Add the following entry to the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsDown

7. The worm tries to hide itself using the %System%\svchost.exe file.

8. Download files from predefined servers and save them to the Windows System directory.
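
A read-only host check for the artifacts in the list above, as an added example that is not part of the original write-up. It assumes %System% is the directory returned by [Environment]::SystemDirectory and inspects only the HKCU hive of the user running it; a legitimate autorun.inf on installation media will also be reported and needs manual review.

```powershell
# Added example: look for the Fubalca.E artifacts described in the list above.
# Read-only. Run in an elevated PowerShell session on the suspect host.
$sys      = [Environment]::SystemDirectory        # resolves %System%
$findings = [System.Collections.Generic.List[string]]::new()

# Step 1: dropped file %System%\servet.exe
$dropped = Join-Path $sys 'servet.exe'
if (Test-Path -LiteralPath $dropped) { $findings.Add("File present: $dropped") }

# Step 2: NoDriveTypeAutoRun = 0 means AutoRun is enabled for every drive type.
# Compared as a string so both a DWORD 0 and a string "0" match.
$polKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$pol = Get-ItemProperty -LiteralPath $polKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
if ($null -ne $pol -and "$($pol.NoDriveTypeAutoRun)" -eq '0') {
    $findings.Add("NoDriveTypeAutoRun is 0 under $polKey")
}

# Step 3: AutoRun.inf in the root of each drive (-Force includes hidden/system files)
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $inf  = Join-Path $_.Root 'autorun.inf'
    $item = Get-Item -LiteralPath $inf -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings.Add("AutoRun.inf on $($_.Root), last written $($item.LastWriteTime)")
    }
}

# Step 4: the clock is moved to 1981 when %System%\drivers\klick.sys exists
if ((Get-Date).Year -eq 1981) { $findings.Add('System clock is set to 1981') }

# Steps 5 and 6: the "WindowsDown" service and its registry key
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\WindowsDown'
if (Test-Path -LiteralPath $svcKey) {
    $img = (Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue).ImagePath
    $findings.Add("Service key present: $svcKey (ImagePath: $img)")
}

if ($findings.Count -eq 0) {
    'None of the listed Fubalca.E artifacts were found.'
} else {
    $findings
}
```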
