Name: TR/Hosts.BD
Discovered on: 23/08/2010
Type: Trojan
Subtype: Hosts
ITW: Yes
Number of reported infections: Medium
Spreading potential: Low to medium
Damage potential: Medium
Static file: Yes
Size: 126,976 bytes
MD5: efaa4cad70db7d08aa32ba670260a0d5
IVDF version: 7.10.11.01 - Monday, 23 August 2010
General
Spreading method:
• Has no spreading routine of its own
Aliases:
• Symantec: W32.Pilleuz
• McAfee: Artemis!EFAA4CAD70DB
• Kaspersky: Email-Worm.Win32.Joleee.fee
• PCTools: Malware.Pilleuz
• Eset: Win32/VB.PFT
• AhnLab: Win-Trojan/Seint.126976.E
• Authentium: W32/Trojan2.NDBD
• DrWeb: Trojan.MulDrop1.42701
• Fortinet: W32/Agent.E880!tr
• Ikarus: Trojan.SuspectCRC
Operating systems:
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Windows Vista
• Windows Server 2008
• Windows 7
Side effects:
• Creates a file
• Infects files
• Lowers security settings
• Registry modifications

Files
Copies itself to the following locations:
• %SYSDIR%\syscache.exe
• %system drive%\%current directory%\%executed file%
Modifies the following file:
• %SYSDIR%\drivers\etc\hosts
Deletes the initial copy of the virus.
The following file is created:
– %WINDIR%\%executed file name%.bat
The file is executed after it has been created. The batch file is used to delete a file.

System registry
One of the following values is added to the registry so that the process is started automatically after a reboot:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "%executed file name%"="%SYSDIR%\syscache.exe"

Hosts file
The file: in this case the existing entries remain unmodified.
– Access to the following domains is redirected to other destinations:
• 127.0.0.1 download82.avast.com
• 127.0.0.1 mcafeefans.com
• 127.0.0.1 www.trapware.com
• 127.0.0.1 http://downloads1.kaspersky-labs.com
• 127.0.0.1 u40.eset.com
• 127.0.0.1 sunbelt-software.com
• 127.0.0.1 www.kztechs.com
• 127.0.0.1 forum.jiangmin.com
• 127.0.0.1 dnl-kr15.kaspersky-labs.com
• 127.0.0.1 u51.eset.com
• 127.0.0.1 download83.avast.com
• 127.0.0.1 media.fastclick.net
• 127.0.0.1 www.trendmicro.com
• 127.0.0.1 http://downloads2.kaspersky-labs.com
• 127.0.0.1 u41.eset.com
• 127.0.0.1 sygate.com
• 127.0.0.1 www.lavasoft.nu
• 127.0.0.1 f-prot.com
• 127.0.0.1 dnl-kr2.kaspersky-labs.com
• 127.0.0.1 u52.eset.com
• 127.0.0.1 download84.avast.com
• 127.0.0.1 microsoft.com
• 127.0.0.1 www.trendmicro.com.cn
• 127.0.0.1 http://downloads3.kaspersky-labs.com
• 127.0.0.1 u42.eset.com
• 127.0.0.1 symantec.com
• 127.0.0.1 www.lavasoftusa.com
• 127.0.0.1 fr.bitdefender.com
• 127.0.0.1 dnl-kr3.kaspersky-labs.com
• 127.0.0.1 u53.eset.com
• 127.0.0.1 download85.avast.com
• 127.0.0.1 microsoft.fr
• 127.0.0.1 www.trendmicro.fr
• 127.0.0.1 http://downloads4.kaspersky-labs.com
• 127.0.0.1 u43.eset.com
• 127.0.0.1 symantec-ese.baynote.net
• 127.0.0.1 www.liutilities.com
• 127.0.0.1 fr.drweb.com
• 127.0.0.1 dnl-kr4.kaspersky-labs.com
• 127.0.0.1 u54.eset.com
• 127.0.0.1 download9.quickheal.com
• 127.0.0.1 mirror02.gdata.de
• 127.0.0.1 www.uk.trendmicro-europe.com
• 127.0.0.1 http://nod32.com
• 127.0.0.1 u44.eset.com
• 127.0.0.1 tds.diamondcs.com.au
• 127.0.0.1 www.liveupdate.symantec.com
• 127.0.0.1 fr.mcafee.com
• 127.0.0.1 dnl-kr5.kaspersky-labs.com
• 127.0.0.1 u55.eset.com
• 127.0.0.1 download900.avast.com
• 127.0.0.1 mmsk.cn
• 127.0.0.1 www.update.symantec.com
• 127.0.0.1 bitdefender.secyber.net
• 127.0.0.1 u45.eset.com
• 127.0.0.1 threatexpert.com

File details
Programming language:
The programming language used is C (compiled with Microsoft Visual C++).
File compression:
To hinder detection and reduce the file size, a runtime packer is used.
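As an added defensive check (not part of the Avira description or its tooling), the following Python parses a hosts file and flags the two things seen in the list above: security-vendor names pinned to a loopback or unspecified address, and entries whose "name" is really a URL (the http://... lines), which no resolver will ever match. The vendor suffix list and the sample hosts file are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: the stock localhost lines plus entries of the kind
# TR/Hosts.BD writes (vendor update hosts sinkholed to 127.0.0.1).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 download82.avast.com
127.0.0.1 www.liveupdate.symantec.com
127.0.0.1 http://downloads1.kaspersky-labs.com
127.0.0.1 microsoft.com
192.168.1.10 intranet.example
"""

# Assumed watch list of vendor/update domains (seeded from the description above).
WATCHED_SUFFIXES = ("avast.com", "symantec.com", "kaspersky-labs.com",
                    "eset.com", "trendmicro.com", "microsoft.com", "mcafee.com")

# A hosts "name" must be a bare hostname: labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", re.I)


def is_sinkhole(ip):
    """True for addresses that silently swallow traffic (127.x, ::1, 0.0.0.0)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def find_hijacked_entries(hosts_text):
    """Return (line_no, ip, name, reason) for entries that look like update blocking."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        try:
            sinkhole = is_sinkhole(ip)
        except ValueError:
            continue                               # first field is not an address
        for name in names:
            lname = name.lower()
            if lname in ("localhost", "localhost.localdomain"):
                continue                           # legitimate default entries
            if not HOSTNAME_RE.match(name):
                findings.append((line_no, ip, name, "malformed name (URL in hosts entry)"))
            elif sinkhole and any(lname == s or lname.endswith("." + s) for s in WATCHED_SUFFIXES):
                findings.append((line_no, ip, name, "security-vendor domain sinkholed"))
    return findings
```

Running it over a live %SYSDIR%\drivers\etc\hosts is just `find_hijacked_entries(open(path).read())`; any finding on a host that should have an untouched hosts file is worth an incident ticket.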
The description was created by Carlos Valero Llabata on Tuesday, 24 August 2010. The description was modified by Carlos Valero Llabata on Tuesday, 24 August 2010.