Welcome to the Virus Encyclopedia of Panda Security.
It prevents certain antivirus programs from being updated, thus leaving the system unprotected. It also disables the Windows XP firewall and the system restore utility. It spreads through peer-to-peer (P2P) file sharing programs.
|First detected on:||Nov. 10, 2007|
|Detection updated on:||Nov. 13, 2007|
|Yes, using TruPrevent Technologies
CivilArmy.B is a worm that prevents the users and the programs from accessing certain websites belonging to antivirus companies. As a consequence, the antivirus programs could not be updated.
Additionally, it disables the Windows XP firewall and the system restore utility.
CivilArmy.B spreads through peer-to-peer (P2P) file sharing programs, creating copies of itself in the shared directories belonging to several P2P programs, such as BearShare, eDonkey, eMule or KaZaA.
CivilArmy.B is easy to recognize, as when it is run, a text file called SexStory is opened, where a love story is narrated:
At the end of the story, the user is warned that the computer is infected with the following text:
ha ha ha ha you are victim
end of story