Sunshine on a stormy day
StormWorm has been spreading for quite a while now. Otherwise known as win32.tibs, win32.zhelatin or Trojan.Peacomm, it has been a widespread pest for a long time.
StormWorm uses P2P networking to receive its orders to spam, DDoS or update itself. It also uses a kernel-level driver to activate itself and protect itself (rootkit). I wrote a removal tool to remove StormWorm, and it should catch the various variants nicely. The tool can be downloaded from here. As always, all feedback is appreciated. You can send it over to toni(_at_)teamfurry.com
July 25th, 2007 at 11:47 pm
I installed your program to remove stormworm, and it worked so fast, or maybe didn’t work, that I couldn’t tell what it did.
What my 'puter seemed to have was called 551 Stormworm@MXLMinfected
ip-66.82.4.8 : 53
Spam mail kept trying to get out in batches of 500 plus or more, but Norton wouldn’t let it, but did run my hard drive ragged, trying to scan each one.
Hope I did the right thing. Thanks R
August 1st, 2007 at 8:29 am
If Norton is quiet currently then the tool worked. I forgot to mention that it's a command-line tool. If you run it by double-clicking SunShine.exe you won't stand a chance of reading the output. If you want to see it, go to Start -> Run -> cmd and run it from there.
August 6th, 2007 at 1:20 pm
[…] has a link to MW-Blog. I haven’t tried it yet and I don’t know if I will. You should only begin working with […]
August 11th, 2007 at 6:18 am
I have to say that I could not agree with you 100% regarding Sunshine on a stormy day, but it's just my opinion, which could be wrong :)
August 16th, 2007 at 7:27 am
On what don't you agree? :) I'm always open for discussion :) I'm sorry your comment got whacked by the spam filter. It's quite a fresh install so it hasn't been taught properly yet.
–Toni
September 7th, 2007 at 4:59 pm
I've run it on one of the 3 machines, and it's all clear... let's hope the others are. Thanks Toni
Dave :)