Virus: TR/VB.kkb
Date discovered: 29/11/2011
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Medium to high
Damage Potential: Medium
VDF version: 7.11.18.123 - Tuesday, November 29, 2011
IVDF version: 7.11.18.123 - Tuesday, November 29, 2011

General
Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   • Mcafee: Generic
   • Kaspersky: Trojan.Win32.Jorik.IRCbot.ded
   • Bitdefender: Worm.Dorkbot.A
   • Grisoft: Generic25.AVWP
   • Eset: a variant of Win32/Injector.KLN trojan
   • GData: Worm.Dorkbot.A
   • DrWeb: Trojan.MulDrop3.13802
   • Norman: Trojan W32/VBInject.ADL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Registry modification

Files
It copies itself to the following location:
   • %APPDATA%\%six-digit random character string%.exe

Registry
One of the following values is added in order to run the process after reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Bwzizj"="%APPDATA%\\%six-digit random character string%.exe"

Miscellaneous
Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • **********m0001.in
   • **********m0002.in


Event handler:
It creates the following Event handlers:
   • ReadProcessMemory
   • WriteProcessMemory
   • CreateRemoteThread
   • InternetReadFile
   • URLDownloadToFile
   • InternetOpenUrl
   • InternetOpen
   • CreateFile


String:
Furthermore it contains the following strings:
   • AV_sites
   • Starting flood
   • IRC Command
   • login
   • password
   • banking
   • pin
   • money
   • account
   • login.yahoo.*/*login*
   • facebook.*/login.php*
   • runescape*/*weblogin*
   • mediafire.com/*login*
   • freakshare.com/login*
   • uploading.com/*login*
   • filesonic.com/*login*
   • namecheap.com/*login*
   • speedyshare.com/login*
   • depositfiles.*/*/login*
   • thepiratebay.org/login*
   • bcointernacional*login*
   • uploaded.to/*login*
   • alertpay.com/login*
   • moniker.com/*Login*
   • dotster.com/*login*
   • oron.com/login*
   • ngrBot Error

File details
Programming language:
The malware program was written in Visual Basic.

Description created by Wensin Lee on Friday, September 14, 2012
Description updated by Wensin Lee on Friday, September 14, 2012
