Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
Method of propagation:
• No own spreading routine
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Downloads a file
• Registry modification
It copies itself to the following location:
It tries to download a file:
– The location is the following:
It is saved on the local hard drive under: C:\brl\lsass.exe Furthermore this file gets executed after it was fully downloaded. At the time of writing this file was not online for further investigation.
The following registry key is changed:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
• Shell = Explorer.exe
• Shell = Explorer.exe "C:\brl\lsass.exe"
The malware program was written in Visual Basic.
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
Description inserted by Andrei Gherman on Thursday, March 2, 2006