Date discovered: 25/09/2006
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 865.697 Bytes
MD5 checksum: 89c414f68d50b9a146d1e0761fc05bc9
VDF version:
IVDF version: - Tuesday, September 19, 2006

General
Method of propagation:
   • No own spreading routine

Aliases:
   •  Kaspersky: Backdoor.Win32.Portless.k
   •  F-Secure: Backdoor.Win32.Portless.k
   •  Sophos: Troj/Dropper-LM
   •  Bitdefender: Trojan.Agent.AUZ

Platforms / OS:
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops a malicious file
   • Registry modification

Files
The following file is created:

– %SYSDIR%\NtmsSdk.dll Further investigation showed that this file is malware, too. Detected as: BDS/Portless.K

Registry
The following registry keys are changed:

– HKLM\SYSTEM\ControlSet001\Services\NtmsSvc
   Old value:
   • "Type"=dword:00000020
   • "Start"=dword:00000003
   New value:
   • "Type"=dword:00000110
   • "Start"=dword:00000002

– HKLM\SYSTEM\CurrentControlSet\Services\NtmsSvc\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
   New value:
   • "ServiceDll"="%SystemRoot%\System32\NtmsSdk.dll"
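
A check for the file and registry changes listed above, as an added example that is not part of the original description or Avira's own code. The function name Get-NtmsSvcFinding is hypothetical, and %SYSDIR% is assumed to be the Windows system directory.

```powershell
# Added example. All compared values are the ones listed in the description.
$serviceKeys = 'HKLM:\SYSTEM\CurrentControlSet\Services\NtmsSvc',
               'HKLM:\SYSTEM\ControlSet001\Services\NtmsSvc'
$changedDwords  = @{ Type = 0x110; Start = 0x2 }   # "New value" entries
$originalDll    = '%SystemRoot%\system32\ntmssvc.dll'
$droppedDllName = 'NtmsSdk.dll'

function Get-NtmsSvcFinding {      # hypothetical helper name
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $svc = Get-ItemProperty -LiteralPath $key
        foreach ($name in $changedDwords.Keys) {
            if ($svc.$name -eq $changedDwords[$name]) {
                [pscustomobject]@{ Key = $key; Value = $name
                    Data = ('0x{0:X}' -f $svc.$name); Note = 'matches changed value' }
            }
        }
        $paramKey = Join-Path $key 'Parameters'
        if (-not (Test-Path -LiteralPath $paramKey)) { continue }
        # Read the raw string so %SystemRoot% is compared unexpanded.
        $dll = (Get-Item -LiteralPath $paramKey).GetValue(
            'ServiceDll', $null, 'DoNotExpandEnvironmentNames')
        if ($null -eq $dll) { continue }
        if ($dll -like "*\$droppedDllName") {
            $note = 'points at the dropped file'
        } elseif ($dll -ne $originalDll) {
            $note = 'differs from the original value'
        } else { continue }
        [pscustomobject]@{ Key = $paramKey; Value = 'ServiceDll'; Data = $dll; Note = $note }
    }
}

$findings = @(Get-NtmsSvcFinding -Keys $serviceKeys)

# Assumption: %SYSDIR% corresponds to the Windows system directory.
$droppedPath = Join-Path ([Environment]::SystemDirectory) $droppedDllName
if (Test-Path -LiteralPath $droppedPath) {
    $findings += [pscustomobject]@{ Key = $droppedPath; Value = '(file)'
        Data = ('{0} bytes' -f (Get-Item -LiteralPath $droppedPath).Length)
        Note = 'dropped file present' }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No file or registry change from this description was found.' }
```

A match on "Start" or "Type" alone is weak evidence, since "Start"=2 is simply the automatic start setting; the changed "ServiceDll" value and the presence of the dropped file are the indicators to act on.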

File details
Runtime packer:
To make detection harder and reduce the size of the file, it is packed with the following runtime packer:
   • nspack

Description inserted by Alexandru Tudor on Monday, September 25, 2006
Description updated by Andrei Ivanes on Monday, November 27, 2006
