Virus: TR/Drop.Agent.GH
Date discovered: 02/03/2006
Type: Trojan
In the wild: Yes
Reported Infections: Medium
Distribution Potential: Medium to high
Damage Potential: Low to medium
Static file: Yes
File size: 180.224 Bytes
MD5 checksum: 066e35aed18f9a36a8bc18cff3a87333
VDF version: 6.33.01.51
IVDF version: 6.33.01.52 - Friday, March 3, 2006

General

Methods of propagation:
   • Autorun feature
   • Mapped network drives


Aliases:
   •  Symantec: W32.Gammima.AG
   •  Kaspersky: Worm.Win32.AutoRun.bqls
   •  TrendMicro: TSPY_ONLINEG.QLM
   •  Panda: W32/Lineage.LNY.worm

The file works interdependently with these components:
   • TR/GameThief.B


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Drops files
   • Registry modification

Files

It copies itself to the following locations:
   • %tempdir%\apiqq.exe
   • %drive%\lpl.exe



It deletes the initially executed copy of itself.



The following files are created:

%drive%\autorun.inf This is a non-malicious text file with the following content:
   • %code that runs malware%

%tempdir%\apiqq0.dll Detected as: TR/GameThief.B

Registry

The following registry key is changed:

Various Explorer settings:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
   New value:
   • "CheckedValue"=dword:00000000

Stealing

It tries to steal the following information:

The password from the following program:
   • Dofus

Injection

It injects itself into a process.

    Process name:
   • explorer.exe


File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • ASPack
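
A read-only triage check for the file and registry indicators listed above, added here as an example and not part of the original description. The function name `Test-DropAgentGH` is hypothetical; it assumes `%tempdir%` is the current user's `$env:TEMP` and, because the description does not reproduce the `autorun.inf` content, that a suspicious `autorun.inf` references `lpl.exe`.

```powershell
# Added example: read-only triage for the indicators listed in this description.
# Test-DropAgentGH is a hypothetical name; nothing is deleted or modified.
function Test-DropAgentGH {
    $md5  = '066e35aed18f9a36a8bc18cff3a87333'   # MD5 checksum from the description
    $hits = @()

    # Registry: the description lists CheckedValue = 0 under ...\Hidden\SHOWALL.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CheckedValue
    if ($val -eq 0) {
        $hits += [pscustomobject]@{ Indicator = "$key\CheckedValue"; Note = 'value is 0 as described' }
    }

    # Candidate paths. Assumption: %tempdir% is the current user's $env:TEMP.
    $paths = @('apiqq.exe', 'apiqq0.dll' | ForEach-Object { Join-Path $env:TEMP $_ })
    foreach ($d in Get-PSDrive -PSProvider FileSystem) {
        $paths += 'lpl.exe', 'autorun.inf' | ForEach-Object { Join-Path $d.Root $_ }
    }

    foreach ($p in $paths) {
        # -Force also returns items that carry the hidden or system attribute.
        $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
        if (-not $f) { continue }
        $note = 'file name matches the description'
        if ($f.Name -eq 'autorun.inf') {
            # Assumption: a suspicious autorun.inf references the dropped lpl.exe.
            if (-not (Select-String -LiteralPath $p -SimpleMatch 'lpl.exe' -Quiet)) { continue }
            $note = 'autorun.inf references lpl.exe'
        } elseif ((Get-FileHash -LiteralPath $p -Algorithm MD5).Hash -eq $md5) {
            $note = 'MD5 matches the described sample'
        }
        $hits += [pscustomobject]@{ Indicator = $p; Note = $note }
    }
    return $hits
}

Test-DropAgentGH | Format-Table -AutoSize
```

A name-only match or the registry value on its own is a lead for further inspection; only the MD5 match ties a file to the sample described here.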

Description created by Andrei Ilie on Wednesday, February 2, 2011
Description updated by Andrei Ilie on Tuesday, February 15, 2011
