Date discovered: 03/12/2009
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 496.640 Bytes
MD5 checksum: 4d35c61b6dac87a64e033be00932d8ee
IVDF version:

General
Aliases:
   •  Panda: Trj/Buzus.LF
   •  Eset: Win32/Dewnad.AA
   •  Bitdefender: Trojan.Generic.2815872

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files
   • Registry modification

Files
It copies itself to the following location:
   • %HOME%\Application Data\Microsoft\winlogon.exe

It tries to execute the following file:

– Filename:
   • "%HOME%\Application Data\Microsoft\winlogon.exe"

Registry
One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "winlogon.exe"="%HOME%\Application Data\Microsoft\winlogon.exe"

Backdoor
The following port is opened:

– no6.no**********.info on TCP port 3174

File details
Programming language:
The malware program was written in Delphi.

The description was created by Petre Galan on Thursday, April 8, 2010
The description was updated by Petre Galan on Thursday, April 8, 2010

