Skip to main content
Skip to main content
Microsoft Security Intelligence
Cart 0 items in shopping cart
Sign in
Published Jul 09, 2009 | Updated Sep 15, 2017

Worm:Win32/Dogkild.A

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

Worm:Win32/Dogkild.A is a worm that that spreads via removable drives. It  downloads and executes arbitrary files from a remote host. It has been designed to deliberately compromise particular System Restore hardware and software.
 
Note: In the wild this worm has been observed being downloaded and installed onto affected machines by malicious code detected as Exploit:JS/CVE-2008-0015.
 
Exploit:JS/CVE-2008-0015 is detection for code that attempts to exploit a vulnerability in the Microsoft Video ActiveX Control. When a user visits a Web page containing an exploit detected as Exploit:JS/CVE-2008-0015, it may connect to a remote server and download other malware. This vulnerability is discussed in detail in Microsoft Security Advisory (972890).
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
 
This threat is known to exploit a vulnerability in Microsoft Video ActiveX Control. Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.
 
Additionally, see Microsoft Security Advisory 972890 for more information on mitigation and workarounds.
To recreate a clean HOSTS file:
  1. Click Start, and click Run.
  2. Open the Hosts file, according to operating system:

    On Windows 95, Windows 98, or Windows ME systems:
    In the Open field, type: notepad %windir%\hosts

    On Windows NT-based operating systems, such as Windows 2000 or Windows XP:
    In the Open field, type: notepad<system folder>\drivers\etc\hosts
    -- for example, on Windows 2000:
    In the Open field, type: notepad C:\WINNT\system32\drivers\etc\hosts
    -- or on Windows XP:
    In the Open field, type: notepad C:\Windows\system32\drivers\etc\hosts

    On Windows Vista:
    Click Start, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator
    Click File, click Open, type: %windir%\system32\drivers\etc\hosts, and then click Open
  3. On the first line of the HOSTS file, type: 127.0.0.1 localhost as in the following example after modifying a default 'hosts' file:


  4. Save the file to the same location you opened it from.
  5. Close Notepad.
Follow us