Name: TR/FraudPack.azgx
Discovered on: 11/07/2010
Type: Trojan
In the wild (ITW): Yes
Number of reported infections: Medium to high
Distribution potential: Medium
Damage potential: Medium
Static file: Yes
Size: 293,632 bytes
MD5: 22238109881991c13518bf79d3f0bf71
IVDF version: 7.10.09.57 - Sunday, 11 July 2010

General

Method of propagation:
• Has no propagation routine of its own

Aliases:
• Symantec: SpywareGuard2008
• McAfee: FakeAlert-SpyPro.gen.p
• Kaspersky: Trojan.Win32.FraudPack.azgx
• TrendMicro: TROJ_FAKEAV.SMES
• F-Secure: Trojan.Generic.KD.19444
• Sophos: Mal/FakeAV-DO
• Bitdefender: Trojan.Generic.KD.19444
• Panda: Trj/CI.A

Operating systems:
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Blocks access to certain websites
• Blocks access to the websites of security vendors
• Lowers security settings
• Reports non-existent system problems or malware infections and offers to repair them if the user buys the application
• Modifies the registry
• Automatically redirects the browser to an infected website

Immediately after it is launched, the following is displayed on screen:
[screenshot not included]

Files

It copies itself to the following location:
• %HOME%\Local Settings\Application Data\%randomly chosen directory%\%random character string%.exe

System registry

The following keys are added to the registry so that the process is run when the system restarts:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• "%random character string%"="%HOME%\Local Settings\Application Data\%randomly chosen directory%\%random character string%.exe"
– [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
• "%random character string%"="%HOME%\Local Settings\Application Data\%randomly chosen directory%\%random character string%.exe"

The following keys are added to the system registry:
– [HKCU\Software\AVSS]
• "knkd"=dword:00000001
• "aazalirt"=dword:00000001
• "skaaanret"=dword:00000001
• "jungertab"=dword:00000001
• "zibaglertz"=dword:00000001
• "iddqdops"=dword:00000001
• "ronitfst"=dword:00000001
• "tobmygers"=dword:00000001
• "jikglond"=dword:00000001
• "tobykke"=dword:00000001
• "klopnidret"=dword:00000001
• "jiklagka"=dword:00000001
• "salrtybek"=dword:00000001
• "seeukluba"=dword:00000001
• "jrjakdsd"=dword:00000001
• "krkdkdkee"=dword:00000001
• "dkewiizkjdks"=dword:00000001
• "dkekkrkska"=dword:00000001
• "rkaskssd"=dword:00000001
• "kuruhccdsdd"=dword:00000001
• "krujmmwlrra"=dword:00000001
• "kkwknrbsggeg"=dword:00000001
• "ktknamwerr"=dword:00000001
• "iqmcnoeqz"=dword:00000001
• "ienotas"=dword:00000001
• "krkmahejdk"=dword:00000001
• "otpeppggq"=dword:00000001
• "krtawefg"=dword:00000001
• "oranerkka"=dword:00000001
• "kitiiwhaas"=dword:00000001
• "otowjdseww"=dword:00000001
• "otnnbektre"=dword:00000001
• "oropbbsee"=dword:00000001
• "irprokwks"=dword:00000001
• "ooorjaas"=dword:00000001
• "id"="70.10"
– [HKCU\Software\AVSuitE]
– [HKLM\Software\AVSuitE]
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
• "SaveZoneInformation"=dword:00000001
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
• "LowRiskFileTypes"=".exe"
– [HKLM\Software\AVSS]

The following registry keys are modified:

It lowers the security settings of Internet Explorer:
– [HKCU\Software\Microsoft\Internet Explorer\Download]
New value:
• "CheckExeSignatures"="no"
• "RunInvalidSignatures"=dword:00000001
– [HKCU\Software\Microsoft\Internet Explorer\PhishingFilter]
New value:
• "EnabledV8"=dword:00000000
• "Enabled"=dword:00000000
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
Old value:
• "ProxyEnable"=dword:00000000
New value:
• "ProxyEnable"=dword:00000001
• "ProxyServer"="http=127.0.0.1:5577"
• "ProxyOverride"=""

File details

File packing: To hinder detection and reduce the file size, a runtime packer is used.
The description was created by Patrick Schoenherr on Tuesday, 13 July 2010. The description was modified by Patrick Schoenherr on Thursday, 15 July 2010.