Virus: DR/Portless.K.1
Date discovered: 25/09/2006
Type: Dropper
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 865.697 Bytes
MD5 checksum: 89c414f68d50b9a146d1e0761fc05bc9
VDF version: 6.36.00.20
IVDF version: 6.36.00.30 - Tuesday, September 19, 2006

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Backdoor.Win32.Portless.k
   •  F-Secure: Backdoor.Win32.Portless.k
   •  Sophos: Troj/Dropper-LM
   •  Bitdefender: Trojan.Agent.AUZ


Platforms / OS:
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a malicious file
   • Registry modification

Files

The following file is created:

   • %SYSDIR%\NtmsSdk.dll
     Further investigation showed that this file is malware, too. Detected as: BDS/Portless.K

Registry

The following registry keys are changed:

HKLM\SYSTEM\ControlSet001\Services\NtmsSvc
   Old value:
   • "Type"=dword:00000020
   • "Start"=dword:00000003
   New value:
   • "Type"=dword:00000110
   • "Start"=dword:00000002

HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
   New value:
   • "ServiceDll"="%SystemRoot%\System32\NtmsSdk.dll"

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • nspack

Description inserted by Alexandru Tudor on Monday, September 25, 2006
Description updated by Andrei Ivanes on Monday, November 27, 2006
