While we are on the subject about kazaa their is 90 fake files which is part of a virus doing the rounds here is some info for you good folk to help keep you safe
a virus called tanked is on kazaa which copies 90 virus fake files on your system from a temp dir
i noticed this as it has a list of files with most of the fake virus names ... like gutar cords 5.5... you wont be able to see these files as they wont be in your shared files dir ,they will be in a temp dir....
what to do !!!
get yourself a uptodate virus scanner
infofile
http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.c.worm.html
please help others on the kazaa network by doing a search for Guitar Chords Library its only the 5.5 version (there is no such file out there)
--------------------------------------------------------------------------------
This is aworm virus spreading via the Kazaa file sharing network.
The worm has a powerful backdoor routine which connects to an IRC channel and listens to commands from its "master".
The worm itself is a Windows PE EXE file about 100Kb of length written in Microsoft Visual C++, the worm is compressed by UPX file compression utility and then encrypted with "Krypton" Win EXE files encryptor.
When infected file starts, the installation routine gets control.
Installation
While installing the worm copies itself to Windows system directory with different names (see below) and registers that file in two system registry auto-run keys.
The worm copy names are:
"Tanked.11": "system32.exe"
"Tanked.13": "winsys.exe"
"Tanked.14": "cmd32.exe"
The registry keys are:
"Tanked.11":
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SystemSAS = system32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SystemSAS = system32.exe
"Tanked.13":
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
WinSys = winsys.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
WinSys = winsys.exe
"Tanked.14":
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CMD = cmd32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
CMD = cmd32.exe
Spreading
The worm copies itself to Kazaa directory with following names:
'Battlefield1942_bloodpatch.exe'
'Unreal2_bloodpatch.exe'
'UT2003_bloodpatch.exe'
'AquaNox2 Crack.exe'
'NBA2003_crack.exe'
'FIFA2003 crack.exe'
'C&C Generals_crack.exe'
'UT2003_keygen.exe'
'UT2003_no cd (crack).exe'
'Age of Empires 2 crack.exe'
'Anno 1503_crack.exe'
'C&C Renegade_crack.exe'
'Diablo 2 Crack.exe'
'Gothic 2 licence.exe'
'GTA 3 Crack.exe'
'GTA 3 patch (no cd).exe'
'Hitman_2_no_cd_crack.exe'
'Mafia_crack.exe'
'Neverwinter_Nights_licence.exe'
'NHL 2003 crack.exe'
'WarCraft_3_crack.exe'
'Splinter_Cell_Crack.exe'
'Battlefield1942_keygen.exe'
'Winamp 3.8.exe'
'MediaPlayer Update.exe'
'UT2003_patch.exe'
'ACDSee 5.5.exe'
'DivX Video Bundle 6.5.exe'
'Global DiVX Player 3.0.exe'
'QuickTime_Pro_Crack.exe'
'KaZaA Lite (New).exe'
'iMesh 3.7b (beta).exe'
'iMesh 3.6.exe'
'KaZaA Hack 2.5.0.exe'
'DirectDVD 5.0.exe'
'Flash MX crack (trial).exe'
'Ad-aware 6.5.exe'
'WinZip 9.0b.exe'
'SmartFTP 2.0.0.exe'
'ICQ Lite (new).exe'
'ICQ Pro 2003b (new beta).exe'
'ICQ Pro 2003a.exe'
'AOL Instant Messenger.exe'
'Download Accelerator Plus 6.1.exe'
'Trillian 0.85 (free).exe'
'MSN Messenger 5.2.exe'
'Network Cable e ADSL Speed 2.0.5.exe'
'mIRC 6.40.exe'
'GetRight 5.0a.exe'
'Pop-Up Stopper 3.5.exe'
'Yahoo Messenger 6.0.exe'
'KaZaA Speedup 3.6.exe'
'Nero Burning ROM crack.exe'
'WindowBlinds 4.0.exe'
'Animated Screen 7.0b.exe'
'Living Waterfalls 1.3.exe'
'Matrix Screensaver 1.5.exe'
'Popup Defender 6.5.exe'
'Space Invaders 1978.exe'
'SmartRipper v2.7.exe'
'TweakAll 3.8.exe'
'DVD Copy Plus v5.0.exe'
'Serials 2003 v.8.0 Full.exe'
'Zelda Classic 2.00.exe'
'Need 4 Speed crack.exe'
'Links 2003 Golf game (crack).exe'
'Netfast 1.8.exe'
'Guitar Chords Library 5.5.exe'
'DVD Region-Free 2.3.exe'
'Cool Edit Pro v2.55.exe'
'Coffee Cup Free HTML 7.0b.exe'
'Clone CD 5.0.0.3.exe'
'Clone CD 5.0.0.3 (crack).exe'
'Nimo CodecPack (new) 8.0.exe'
'Business Card Designer Plus 7.9.exe'
'Steinberg_WaveLab_5_crack.exe'
'Hot Babes XXX Screen Saver.exe'
'FreeRAM XP Pro 1.9.exe'
'IrfanView 4.5.exe'
'Audiograbber 2.05.exe'
'WinOnCD 4 PE_crack.exe'
'Final Fantasy VII XP Patch 1.5.exe'
'BabeFest 2003 ScreenSaver 1.5.exe'
'PalTalk 5.01b.exe'
'DirectX Buster (all versions).exe'
'DirectX InfoTool.exe'
'Unreal2_crack.exe'
'FlashGet 1.5.exe'
'Babylon 3.50b reg_crack.exe'
'mp3Trim PRO 2.5.exe'
Other
The worm has "copyright" text strings:
"Tanked.11":
T~Drone.11
t69 [sd]v0.5b TankEd.11
[sd]v0.5b TankEd.11 by [sd]
"Tanked.13":
T~Drone.13
t69 [sd]v0.5b TankEd.13
[sd]v0.5b TankEd.13 by [sd]
"Tanked.14":
T~Drone.14
t69 [sd]v0.5b TankEd.14
[sd]v0.5b TankEd.14 by [sd]
hope this some help to you all....baz