Virus: TR/Agent.524288.40
Date discovered: 11/05/2007
Type: Trojan
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Medium
File size: 520469 Bytes
MD5 checksum: 0741367b275c28de39543c0d974097d9
VDF version: 6.38.01.122
IVDF version: 6.38.01.128 - Friday, May 11, 2007

General
Method of propagation:
   • Autorun feature


Aliases:
   •  Sophos: Mal/Sohana-A
   •  Bitdefender: Worm.Generic.382114
   •  Eset: Win32/Autoit.HY worm
   •  DrWeb: Trojan.DownLoad1.53716
   •  Norman: W32/Obfuscated.H!genr


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops files
   • Registry modification

Files
It copies itself to the following locations:
   • %WINDIR%\missAU.exe
   • C:\run\1



It deletes the following files:
   • %TEMPDIR%\scs8.tmp
   • %TEMPDIR%\scs9.tmp



The following file is created:

Non-malicious file:
   • %WINDIR%\schost.exe

Registry
The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   Old value:
   • "Userinit"="c:\windows\\system32\\userinit.exe,"
   New value:
   • "Userinit"="c:\windows\\missAU.exe"

Miscellaneous
Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • boyvippro.c**********team.com


Event handler:
It creates the following Event handlers:
   • ReadProcessMemory
   • WriteProcessMemory
   • GetKeyState
   • GetAsyncKeyState
   • FtpOpenFile
   • InternetOpenUrl
   • GetWindowsDirectory
   • IsProcessorFeaturePresent
   • CreateProcess
   • CreateFile
   • GetDriveType
   • CreateToolhelp32Snapshot
   • FindWindow
   • ShellExecute

Description created by Wensin Lee on Thursday, April 11, 2013
Description updated by Wensin Lee on Thursday, April 11, 2013
