Du brauchst Hilfe? Frage die Community oder wende dich an einen Experten.
Zu Avira Answers
Date discovered:20/05/2010
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:192.512 Bytes
MD5 checksum:5140e5660449e265f5c39bcb6a7557f2
IVDF version: - Thursday, May 20, 2010

 General Method of propagation:
    Autorun feature

   •  Bitdefender: Trojan.Generic.4047767
   •  Panda: W32/P2PWorm.KN
   •  Eset: Win32/Inject.NDO

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files
   • Registry modification

 Files It copies itself to the following locations:
   • %HOME%\Application Data\mqpp.exe
   • %drive%\portable\little.exe

The following file is created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

 Registry The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Taskman"="%HOME%\Application Data\mqpp.exe"

 Backdoor The following ports are opened:

sam.cha**********.com on UDP port 11000
zma**********.ru on UDP port 11000
cha**********.com on UDP port 11000
jus**********.com on UDP port 11000

 Injection It injects itself as a remote thread into a process.

    Process name:
   • explorer.exe

 File details Programming language:
The malware program was written in Visual Basic.

Die Beschreibung wurde erstellt von Petre Galan am Montag, 30. August 2010
Die Beschreibung wurde geändert von Petre Galan am Montag, 30. August 2010

zurück . . . .