Name: Worm.P2P.Duload. Category: Viruses Description: Details Worm.P2P.Duload.b Worm.P2P.Duload represents a family of worms that replicate by copying themselves into a Kazaa network shared folder located on victim machines. The worm itself is a Windows application (PE EXE file) written in Visual Basic, 7680 bytes in size (packed with UPX). Installation The worm copies itself to the Windows System directory under the name SystemConfig.exe and modifies the system registry so that this file automatically loads upon start-up. This is done by writing the following registry values: [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] "Windows System Configure"="[System Directory path]SystemConfig.exe" [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun] "Windows System Configure"="[System Directory path]SystemConfig.exe" [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices] "Windows System Configure"="[System Directory path]SystemConfig.exe" Replication The Duload worm creates a directory in the Windows System directory named "Media" and then copies itself to this directory under the following names: Alicia Silverstone Payboy Nude.exe Bingo.exe Britney Spears Dance Beat.exe DDos Client.exe Email Bomber.exe FileServer.exe Flash Golf.exe Free Mpegs.exe Free Pics.exe Free Porn.exe Hoes For You Solitare.exe Hotmail Hacker.exe Irc Client.exe J.Lo Bikini Screensaver.exe Jenna Jamison Dildo Humping.exe Kama Sutra Tetris.exe Kazaa Clone.exe Mirc 7.0.exe Napster Clone.exe Pamela Anderson And Tommy Lee Home Video.exe Play Games Online For FREE.exe Ps2 Emulator.exe Ps2 Iso 2 Rom Converter.exe Shakira Dancing.exe Soldier Of Fortune 2 Mutiplayer Serial Hack.exe System Monitor.exe The Sims Game Crack.exe Universal Game Crack.exe Warcraft 3 Battle.net Crack.exe Website Hacker.exe Win A Ps2.exe Win An Xbox.exe Winace.exe Windows Hacker.exe Winmx.exe Winrar.exe Winzip.exe Working Iso Burner.exe Xbox Emulator.exe Xbox Iso 2 Rom Converter.exe Then the worm writes several registry values in the [HKEY_CURRENT_USERSoftwareKazaa] registry key, so that the Media directory becomes available as a Kazaa shared directory.