Name: TR/FakeAV.LBG.1
Discovered on: 08/07/2010
Type: Trojan
ITW: Yes
Number of reported infections: Low
Distribution potential: Medium
Damage potential: Low to medium
Static file: Yes
Size: 1,595,392 bytes
MD5: 7789abbeda92bcfba31e85f897b00F13
IVDF version: 7.10.09.45 - Thursday, 8 July 2010

General
Method of propagation:
   • Has no own spreading routine


Aliases:
   •  Eset: Win32/Adware.DesktopDefender2010.AG


Operating systems:
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Creates files
   • Registry modifications
Can be used by malware to lower the security level of the system.
Reports non-existent system problems or malware infections and offers to repair them if the user purchases the application.


Immediately after execution, the following is displayed on screen:



Files
Deletes the following file:
   • %TEMPDIR%\qas1.tmp



The following files are created:

– %TEMPDIR%\02c9c3c35bdx5.exe
– %TEMPDIR%\17dkf.exe
– %TEMPDIR%\1iowieoo.exe
– %TEMPDIR%\2010yo.exe
– %TEMPDIR%\472a10e2ebxd9.exe
– %TEMPDIR%\56493.exe
– %TEMPDIR%\8gmsed-bd.exe
– %TEMPDIR%\a75wef8e0e7.exe
– %TEMPDIR%\ae0965a7157cd.exe
– %TEMPDIR%\al3erfa3.exe
– %TEMPDIR%\aler3fa.exe
– %TEMPDIR%\alerfa.exe
– %TEMPDIR%\alerfa2.exe
– %TEMPDIR%\alerfa322.exe
– %TEMPDIR%\aqfitrlxi2.exe
– %TEMPDIR%\backd-efq.exe
– %TEMPDIR%\brdss.exe
– %TEMPDIR%\bzqa43d.exe
– %TEMPDIR%\cffd4.exe
– %TEMPDIR%\cocksucker.exe
– %TEMPDIR%\cosock.exe
– %TEMPDIR%\cunifuc.exe
– %TEMPDIR%\dc_3.exe
– %TEMPDIR%\dd10x10.exe
– %TEMPDIR%\ddhelp.exe
– %TEMPDIR%\ddoll3342.exe
– %TEMPDIR%\destroyer.exe
– %TEMPDIR%\dffuck.exe
– %TEMPDIR%\dkfjd93.exe
– %TEMPDIR%\ds7hw.exe
– %TEMPDIR%\dwl_bqz.exe
– %TEMPDIR%\eelnvd13.exe
– %TEMPDIR%\eephilpe.exe
– %TEMPDIR%\exppdf_w.exe
– %TEMPDIR%\fadz43.exe
– %TEMPDIR%\fe.exe
– %TEMPDIR%\format.exe
– %TEMPDIR%\gedx_ae09.exe
– %TEMPDIR%\gpdfsws_bbg.exe
– %TEMPDIR%\gpupz2a.exe
– %TEMPDIR%\hardwh.exe
– %TEMPDIR%\hhbboll_2.exe
– %TEMPDIR%\hiphop.exe
– %TEMPDIR%\hjkgfddd.exe
– %TEMPDIR%\hodeme.exe
– %TEMPDIR%\htfad4.exe
– %TEMPDIR%\hvipws9.exe
– %TEMPDIR%\jdhellwo3.exe
– %TEMPDIR%\jkfuckfu.exe
– %TEMPDIR%\jofcdks.exe
– %TEMPDIR%\kgn.exe
– %TEMPDIR%\kilslmd.exex
– %TEMPDIR%\kjdh_gf_jjdhgd.exe
– %TEMPDIR%\kjh102k3.exe
– %TEMPDIR%\kn.a.exe
– %TEMPDIR%\kock.exe
– %TEMPDIR%\ljts-23.exe
– %TEMPDIR%\lkhgg_ea.exe
– %TEMPDIR%\lols.exe
– %TEMPDIR%\lorsk.exe
– %TEMPDIR%\ploper.exe
– %TEMPDIR%\poertd.exe
– %TEMPDIR%\ppddfcfux.exxe
– %TEMPDIR%\pswwg3c.exe
– %TEMPDIR%\puzpup.exe
– %TEMPDIR%\qwedvor.exe
– %TEMPDIR%\qwklrvjhqlkj.exe
– %TEMPDIR%\r0life.exe
– %TEMPDIR%\rator.exe
– %TEMPDIR%\rsrtd12.exe
– %TEMPDIR%\rtfme.exe
– %TEMPDIR%\safe.exe
– %TEMPDIR%\snowif.exe
– %TEMPDIR%\sycre.exe
– %TEMPDIR%\test.exe
– %TEMPDIR%\timem.exe
– %TEMPDIR%\w32-reno-c.exe
– %TEMPDIR%\warsddd_w.exe
– %TEMPDIR%\wefgetn_00.exe
– %TEMPDIR%\wergfq.exe
– %TEMPDIR%\winlogoff.exe
– %TEMPDIR%\wqefqw7e.exe
– %TEMPDIR%\wrcud12.exe
– %TEMPDIR%\wrfwe_di.exe
– %TEMPDIR%\wwwsssgen.exe

System registry
One of the following values is added to the registry so that the process starts automatically after a reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Desktop Security 2010"="%malware execution directory%\%executed file%"



The following keys are added to the system registry:

– [HKCU\Software\Desktop Security 2010]
   • "LastTimeStamp"=dword:00000061
   • "LastUpdateDate"="2010/6/17"
   • "DaysInterval"=dword:00000007
   • "BackgroundScanTimeout"=dword:00000001
   • "ScanSystemOnStartup"=dword:00000001
   • "AutomaticallyUpdates"=dword:00000001
   • "MinimizeOnStart"=dword:00000000
   • "BackgroundScan"=dword:00000001
   • "UnsecureStartup"=dword:00000000
   • "SoundEnabled"=dword:00000001
   • "ScanDepth"=dword:0000005e

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
   • "_reg"=
   • "(Default)"="????)IC?D?D"
   • ?
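The Run value and the configuration key above are the persistence and configuration artifacts a defender would look for on a suspect host. The following read-only PowerShell check is an added example, not part of the Avira description or its tooling; it queries only the registry names listed on this page and a subset of the dropped file names from the %TEMPDIR% list (the subset is an arbitrary selection, the full list is above), and reports MD5 hashes so hits can be compared against the sample hash in the header.

```powershell
# Added example (not from the Avira description): read-only check for the
# TR/FakeAV.LBG.1 indicators listed on this page. Reports only, changes nothing.
$findings = @()

# 1. Autostart value the description names under HKCU\...\Run
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = Get-ItemProperty -Path $runKey -Name 'Desktop Security 2010' -ErrorAction SilentlyContinue
if ($runValue) {
    $findings += [pscustomobject]@{
        Indicator = 'Run value "Desktop Security 2010"'
        Detail    = $runValue.'Desktop Security 2010'   # path of the started executable
    }
}

# 2. Configuration key the description says is created, with two of its listed values
$cfgKey = 'HKCU:\Software\Desktop Security 2010'
if (Test-Path -Path $cfgKey) {
    $cfg = Get-ItemProperty -Path $cfgKey
    $findings += [pscustomobject]@{
        Indicator = "Registry key $cfgKey"
        Detail    = "ScanSystemOnStartup=$($cfg.ScanSystemOnStartup) LastUpdateDate=$($cfg.LastUpdateDate)"
    }
}

# 3. Dropped executables in %TEMP% (subset of the names on the page, chosen arbitrarily)
$droppedNames = @(
    '02c9c3c35bdx5.exe', '17dkf.exe', '1iowieoo.exe', '2010yo.exe',
    'safe.exe', 'test.exe', 'winlogoff.exe', 'wwwsssgen.exe'
)
foreach ($name in $droppedNames) {
    $path = Join-Path -Path $env:TEMP -ChildPath $name
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
        $findings += [pscustomobject]@{
            Indicator = 'Dropped file in %TEMP%'
            Detail    = "$path (MD5 $hash)"
        }
    }
}

if ($findings.Count -eq 0) {
    'No TR/FakeAV.LBG.1 indicators found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Generic names such as safe.exe, test.exe or format.exe can occur on clean systems, so a file-name hit alone is weak evidence; the registry Run value naming "Desktop Security 2010", the presence of the HKCU\Software\Desktop Security 2010 key, or a file hash matching the header MD5 are the stronger signals.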

Description created by Patrick Schoenherr on Thursday, 8 July 2010
Description last modified by Patrick Schoenherr on Thursday, 8 July 2010