Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:13/12/2012
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:53.248 Bytes
MD5 checksum:6c65d18a5f1cec61e6c93b74b0ba7396
VDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky:
   •  F-Secure: DROPPER FOR W32/Pcclient.S@bd
   •  Bitdefender: Backdoor.PCClient.BY

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP

Side effects:
   • Drops malicious files

 Files It copies itself to the following location:
   • %TEMPDIR%\%executed file%

It deletes the initially executed copy of itself.

The following files are created:

%TEMPDIR%\%executed file%.doc Furthermore it gets executed after it was fully created. It is opened using the default application for this file type.
%TEMPDIR%\kernel0815.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too.

Description inserted by Sergiu Oprea on Friday, August 19, 2005
Description updated by Sergiu Oprea on Tuesday, August 30, 2005

Back . . . .