Welcome to the Virus Encyclopedia of Panda Security.
It opens two ports, through which the worm can download and run files on the affected computer. It spreads by exploiting the LSASS and RPC DCOM vulnerabilities and restarts the computer.
Plexus.A is a worm that spreads through different means:
When it exploits the LSASS vulnerability, Plexus.A can only affect and spread automatically to Windows XP/2000 computers that have their port 5000 open (by default, this port is open in Windows XP whereas it is closed in Windows 2000). However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
However, when it exploits the RPC DCOM vulnerability, Plexus.A affects Windows 2003/XP/2000/NT computers.
In both cases, Plexus.A restarts the computer automatically.
Plexus.A opens the TCP port 1250 and a random port and listens to them. If it were a connection available thorugh these ports, a remote user could download and execute files in the affected computer.
If you have any of the Windows operating systems mentioned above installed in your computer, it is highly recommendable to download the security patches for the RPC DCOM and LSASS vulnerabilities from the Microsoft website.
Plexus.A is easy to recognize, as it restarts computers when it attempts to affect them by exploiting the RPC DCOM (Windows 2003/XP/2000/NT) or LSASS (Windows XP/2000) vulnerabilities.
For example, if Plexus.A successfully exploits the LSASS vulnerability, the following message is displayed on screen:
A similar message is displayed when exploiting the RPC DCOM vulnerability.
ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS? FREE SUPPORT INCLUDED. CALL US 24/7
powered by Anytech365