Virus: TR/Dldr.Bagle.bty
Date discovered: 20/11/2009
Type: Trojan
Subtype: Downloader
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 778.240 Bytes
MD5 checksum: 44459be798cff8cf233d93a5feb1cd6e
IVDF version: 7.10.01.39 - Friday, November 20, 2009

General
Aliases:
   •  Panda: W32/Bagle.VY.worm
   •  Eset: Win32/Bagle.TC
   •  Bitdefender: Trojan.Generic.2712849


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file
   • Registry modification

Files
It tries to download a file:

The locations are the following:

Registry
The following registry keys are added:

[HKCU\Software\bisoft]
   • "frstrunn"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows\Security Center\Svc]
   • "EnableLUA"=dword:0x00000016



The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   New value:
   • "EnableLUA"=dword:0x00000000

Process termination
List of processes that are terminated:


File details
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description created by Petre Galan on Monday, April 12, 2010
Description updated by Petre Galan on Monday, April 12, 2010
