Description:

As of March 9, 2:49 AM (US Pacific Time), a significant number of infection reports have reached TrendLabs regarding this new Internet worm, which has been found to be rapidly spreading in China.

This network worm uses the legitimate utility PSEXEC.EXE to connect to remote machines on the same network. It attempts to log on to those machines as administrator, trying several passwords listed in its body. It connects via TCP port 445.

It drops a copy of itself as Dvldr32.exe and a backdoor program as INST.EXE on accessible machines.

This worm, which runs on Windows 2000 and XP, disables hidden remote shares.
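The propagation pattern described above (one host trying the administrator account against many peers over TCP port 445) can be picked out of authentication records. The following is an added example, not part of the original advisory or any vendor tool; the record format, the `find_spreaders` name, the sample data and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, not real logs. Assumed format:
# timestamp source dest dest_port account outcome(FAIL|OK)
SAMPLE = """\
2003-03-09T02:40:00 10.0.0.5 10.0.0.40 445 administrator OK
2003-03-09T02:41:07 10.0.0.23 10.0.0.40 445 Administrator FAIL
2003-03-09T02:41:08 10.0.0.23 10.0.0.40 445 Administrator FAIL
2003-03-09T02:41:09 10.0.0.23 10.0.0.40 445 Administrator OK
2003-03-09T02:41:15 10.0.0.23 10.0.0.41 445 Administrator FAIL
2003-03-09T02:41:30 10.0.0.23 10.0.0.42 445 Administrator FAIL
2003-03-09T02:41:31 10.0.0.23 10.0.0.42 445 Administrator OK
2003-03-09T02:50:00 10.0.0.77 10.0.0.40 445 administrator FAIL
2003-03-09T02:50:20 10.0.0.77 10.0.0.40 445 administrator OK
2003-03-09T02:55:00 10.0.0.23 10.0.0.43 3389 administrator FAIL
"""

def parse(text):
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[3].isdigit():  # skip malformed records
            yield datetime.fromisoformat(f[0]), f[1], f[2], int(f[3]), f[4].lower(), f[5].upper()

def find_spreaders(text, min_targets=3, window=timedelta(minutes=10)):
    """Map each source that tried 'administrator' on port 445 against at least
    min_targets hosts inside one window to the targets and guessed logons."""
    attempts = defaultdict(list)
    for ts, src, dst, port, acct, outcome in parse(text):
        if port == 445 and acct == "administrator":
            attempts[src].append((ts, dst, outcome))
    report = {}
    for src, rows in attempts.items():
        rows.sort()
        widest, start = set(), 0  # largest target set seen in any window
        for end, (ts, _, _) in enumerate(rows):
            while ts - rows[start][0] > window:
                start += 1
            seen = {dst for _, dst, _ in rows[start:end + 1]}
            widest = max(widest, seen, key=len)
        if len(widest) < min_targets:
            continue  # one admin on one server is not a fan-out
        failed, hit = set(), set()
        for _, dst, outcome in rows:
            if outcome == "FAIL":
                failed.add(dst)
            elif outcome == "OK" and dst in failed:  # success after failures
                hit.add(dst)
        report[src] = {"targets": sorted(widest), "guessed": sorted(hit)}
    return report
```

Hosts listed under `guessed` are the ones to inspect first for the dropped files Dvldr32.exe and INST.EXE.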