Du brauchst Hilfe? Frage die Community oder wende dich an einen Experten.
Zu Avira Answers
Date discovered:10/03/2010
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:118.784 Bytes
MD5 checksum:038254c3df0a864d10eecba3477003f0
IVDF version:

 General Aliases:
   •  Sophos: Troj/Agent-NAG
   •  Panda: Bck/IRCBot.CWM
   •  Eset: Win32/Boberog.AK
   •  Bitdefender: IRC-Worm.Generic.10552

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files
   • Lowers security settings
   • Registry modification
   • Third party control

 Files It copies itself to the following location:
   • %WINDIR%\msnmgr.exe

The following file is created:

– C:\a.txt

It tries to executes the following file:

– Filename:
   • "%WINDIR%\msnmgr.exe"

 Registry It creates the following entry in order to bypass the Windows XP firewall:

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   • "%executed file%"="%executed file%:*:Enabled:Userinit"

The following registry key is changed:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   New value:
   • "Userinit"="%SYSDIR%\userinit.exe,%WINDIR%\msnmgr.exe"

 IRC To deliver system information and to provide remote control it connects to the following IRC Server:

Server: b.msn**********.org
Port: 1234
Channel: #bb#
Nickname: n[USA|XP]%number%

 File details Programming language:
The malware program was written in Visual Basic.

Die Beschreibung wurde erstellt von Petre Galan am Freitag, 28. Mai 2010
Die Beschreibung wurde geändert von Petre Galan am Freitag, 28. Mai 2010

zurück . . . .