ALIASES:

Worm:Win32/Eggnog.D (Microsoft); W32/Eggnog.worm.gen (McAfee); W32.Nofer.A@mm (Symantec); P2P-Worm.Win32.Eggnog.f (Kaspersky); BehavesLike.Win32.Malware.tsc (mx-v) (Sunbelt); Trojan horse Generic30.ADHA (AVG)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003


  • Threat Type: Worm

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size: 40,875 bytes
File Type: EXE
Memory Resident: No
Initial Samples Received Date: 07 May 2013

Arrival Details

This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This worm drops the following copies of itself into the affected system:

  • %System Root%\My Downloads\Warcraft 3 ISO - Full Downloader.exe
  • %System Root%\My Downloads\Macromedia Key Generator.exe
  • %System Root%\My Downloads\DSL Modem Uncapper Key Generator.exe
  • %System Root%\My Downloads\Hoyle Card Games 2003 Patch.exe
  • %System Root%\My Downloads\Battle.net Crack.exe
  • %System Root%\My Downloads\CKY3 - Bam Margera World Industries Alien Workshop Patch.exe
  • %System Root%\My Downloads\Star Wars Starfighter Patch.exe
  • %System Root%\My Downloads\Internet and Computer Speed Booster Full Downloader.exe
  • %System Root%\My Downloads\Hitman 2 Silent Assassin Crack.exe
  • %System Root%\My Downloads\MS Train Simulator Key Generator.exe
  • %System Root%\My Downloads\Dark Age Of Camelot Shrouded Isles Full Downloader.exe
  • %System Root%\My Downloads\CKY3 - Bam Margera World Industries Alien Workshop Key Generator.exe
  • %System Root%\My Downloads\Age Of Empires 2 Crack.exe
  • %System Root%\My Downloads\Freedom Force Crack.exe
  • %System Root%\My Downloads\Stronghold Crusader Patch.exe
  • %System Root%\My Downloads\Borland Delphi 6 Key Generator.exe
  • %System Root%\My Downloads\Dweebs 2 Patch.exe
  • %System Root%\My Downloads\Unreal Tournament 3 Crack.exe
  • %System Root%\My Downloads\Norton Utilities 2002 XP Full Downloader.exe
  • %System Root%\My Downloads\Mafia Patch.exe
  • %System Root%\My Downloads\Soldiers Of Anarchy Crack.exe
  • %System Root%\My Downloads\Windows XP ISO - Full Downloader.exe
  • %System Root%\My Downloads\Half-life WON ISO - Full Downloader.exe
  • %System Root%\My Downloads\Freedom Force Key Generator.exe
  • %System Root%\My Downloads\Internet and Computer Speed Booster Crack.exe
  • %System Root%\My Downloads\Red Ace Squadron Patch.exe
  • %System Root%\My Downloads\Cat Attacks Child Key Generator.exe
  • %System Root%\My Downloads\Stronghold Crusader Key Generator.exe
  • %System Root%\My Downloads\Hard Truck 18 Wheels of Steel Key Generator.exe
  • %System Root%\My Downloads\CloneCD Patch.exe
  • %System Root%\My Downloads\GTA3 Patch.exe
  • %System Root%\My Downloads\Valhalla Chronicles Patch.exe
  • %System Root%\My Downloads\Xbox.info Full Downloader.exe
  • %System Root%\My Downloads\Macromedia Flash 5.0 ISO - Full Downloader.exe
  • %System Root%\My Downloads\Deadly Dozen Key Generator.exe
  • %System Root%\My Downloads\Hoyle Card Games 2003 ISO - Full Downloader.exe
  • %System Root%\My Downloads\Elder Scrolls III Morrowind THX Brrbrr Full Downloader.exe
  • %System Root%\My Downloads\Comanche 4 Key Generator.exe
  • %System Root%\My Downloads\Internet and Computer Speed Booster Key Generator.exe
  • %System Root%\My Downloads\Winzip 8.0 Crack.exe
  • %System Root%\My Downloads\Elder Scrolls III Morrowind THX Brrbrr ISO - Full Downloader.exe
  • %System Root%\My Downloads\MSN Password Hacker and Stealer Crack.exe
  • %System Root%\My Downloads\Hacking Tool Collection Full Downloader.exe
  • %System Root%\My Downloads\Necromania Trap Of Darkness Key Generator.exe
  • %System Root%\My Downloads\Shakira Patch.exe
  • %System Root%\My Downloads\Borland Delphi 6 Patch.exe
  • %System Root%\My Downloads\Windows XP Crack.exe
  • %System Root%\My Downloads\Strike Fighter Project 1 Full Downloader.exe
  • %System Root%\My Downloads\The Sun Of All Fears Full Downloader.exe
  • %System Root%\My Downloads\Austerlitz Napoleons Greatest Victory Crack.exe

(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

It creates the following folders:

  • %System Root%\My Downloads


This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine: 9.300

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Search and delete this folder

Please make sure you check the Search Hidden Files and Folders checkbox under More advanced options to include all hidden folders in the search results.
  • %System Root%\My Downloads

Step 3

Scan your computer with your Trend Micro product to delete files detected as WORM_EGGNOG.SMI. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

