Virus: Worm/Palevo.wmh
Date discovered: 08/03/2010
Type: Worm
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 71.168 Bytes
MD5 checksum: 0c2b5024ba5b8d6900a8e07f459bdf2f
VDF version: 7.10.01.251
IVDF version: 7.10.04.235 - Monday, March 8, 2010

General
Aliases:
   •  Sophos: W32/Autorun-BBI
   •  Panda: W32/Koobface.JK
   •  Eset: Win32/Boberog.AK
   •  Bitdefender: Worm.Generic.231036


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Lowers security settings
   • Registry modification
   • Third party control

Files
It copies itself to the following location:
   • %WINDIR%\msnmgr.exe



The following file is created:

C:\a.txt



It tries to execute the following file:

Filename:
   • "%WINDIR%\msnmgr.exe"

Registry
It creates the following entry in order to bypass the Windows XP firewall:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%executed file%"="%executed file%:*:Enabled:Userinit"



The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   New value:
   • "Userinit"="%SYSDIR%\userinit.exe,%WINDIR%\msnmgr.exe"

IRC
To deliver system information and to provide remote control, it connects to the following IRC server:

Server: b.msn**********.org
Port: 1234
Channel: #bb#
Nickname: n[USA|XP]%number%

File details
Programming language:
The malware program was written in Delphi.

The description was created by Petre Galan on Friday, May 28, 2010
The description was changed by Andrei Ivanes on Friday, June 4, 2010
