Virus: TR/VB.Agent.49152
Date discovered: 16/09/2008
Type: Trojan
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low to medium
Damage Potential: Low
Static file: Yes
File size: 49.152 Bytes
MD5 checksum: 24279b569c7f301460e0c092c80f0919
IVDF version: 7.00.06.162 - Tuesday, September 16, 2008

General
Method of propagation:
   • Autorun feature


Aliases:
   •  Sophos: Mal/VBWorm-C
   •  Bitdefender: Trojan.VB.NMY
   •  Panda: W32/Whybo.I
   •  Eset: Win32/VB.EL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Registry modification

Files
It copies itself to the following location:
   • %drive%\fun.xls.exe



The following files are created:

%drive%\AUTORUN.INF This is a non-malicious text file with the following content:
   • %code that runs malware%

%WINDIR%\ufdata2000.log

Registry
The following registry keys are added in order to run the processes after reboot:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "MsServer"="msfun80.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "IMJPMIG8.2"="msime82.exe"



The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
   New value:
   • "CheckedValue"="0"

File details
Programming language:
The malware program was written in Visual Basic.
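
The file and registry indicators listed above can be checked on a host with a read-only script. This is an added example, not part of the original Avira description; the function name is hypothetical, and reporting AUTORUN.INF only when it names fun.xls.exe is an assumption, since the description does not reproduce that file's content.

```powershell
# Added example (not Avira code). Read-only; the function name is hypothetical.
function Test-VbAgentIndicators {
    $hits = @()

    # Run values and their data, as given in the description
    $run = @(
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'MsServer';   Data = 'msfun80.exe' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'IMJPMIG8.2'; Data = 'msime82.exe' }
    )
    foreach ($r in $run) {
        $props = Get-ItemProperty -LiteralPath $r.Key -ErrorAction SilentlyContinue
        $p = if ($props) { $props.PSObject.Properties[$r.Name] }
        if ($p -and ([string]$p.Value -like "*$($r.Data)*")) {
            $hits += "Run value '$($r.Name)' = '$($p.Value)' in $($r.Key)"
        }
    }

    # Changed Explorer setting: the description lists the new CheckedValue as 0
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $cv = (Get-ItemProperty -LiteralPath $showAll -ErrorAction SilentlyContinue).CheckedValue
    if ($null -ne $cv -and [string]$cv -eq '0') { $hits += "CheckedValue is 0 in $showAll" }

    # File created under %WINDIR%
    $log = Join-Path $env:WINDIR 'ufdata2000.log'
    if (Test-Path -LiteralPath $log) { $hits += "File present: $log" }

    # Copy and AUTORUN.INF in the root of every file-system drive
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        $exe = Join-Path $d.Root 'fun.xls.exe'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $h = Get-FileHash -LiteralPath $exe -Algorithm MD5 -ErrorAction SilentlyContinue
            $md5 = if ($h) { $h.Hash.ToLower() } else { 'unreadable' }
            $same = $md5 -eq '24279b569c7f301460e0c092c80f0919'
            $hits += "File present: $exe (MD5 $md5, matches description: $same)"
        }
        # Assumption: the AUTORUN.INF names the copy; an AUTORUN.INF alone is not reported
        $inf = Join-Path $d.Root 'AUTORUN.INF'
        if (Test-Path -LiteralPath $inf -PathType Leaf) {
            $text = Get-Content -LiteralPath $inf -Raw -Force -ErrorAction SilentlyContinue
            if ($text -match 'fun\.xls\.exe') { $hits += "AUTORUN.INF references the copy: $inf" }
        }
    }
    return $hits
}

Test-VbAgentIndicators
```

The HKCU key is per-user, so run the check in the session of the account being examined.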

The description was created by Petre Galan on Monday, 6 December 2010
The description was changed by Petre Galan on Monday, 6 December 2010