Full description

Nume:	BDS/VB.awr.35
Descoperit pe data de:	19/03/2007
Tip:	Backdoor Server
ITW:	Nu
Numar infectii raportate:	Scazut
Potential de raspandire:	Scazut
Potential de distrugere:	Mediu
Fisier static:	Da
Marime:	420.299 Bytes
MD5:	ecf789e622ab53b9761595f51e63423a
Versiune VDF:	6.38.00.74
Versiune IVDF:	6.38.00.76 - Monday, March 19, 2007

General Metoda de raspandire:
   • Nu are rutina proprie de raspandire

Alias:
   • Kaspersky: Backdoor.Win32.VB.awr
   • F-Secure: Backdoor.Win32.VB.awr

Sistem de operare:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Efecte secundare:
   • Blocheaza accesul la website-uri ale firmelor de securitate
   • Inregistreaza intrarile de la tastatura
   • Modificari in registri
   • Sustrage informatii
   • Posibilitatea accesului neautorizat la computer

Fisiere Se copiaza in urmatoarea locatie:
• %WINDIR%\scvhost.exe

Sunt create fisierele:

– Fisier inofensiv:
• %WINDIR%\MSWINSCK.OCX

– %SYSDIR%\offlog.txt Acest fisier stocheaza datele introduse de utilizator la tastatura.

Registrii sistemului Urmatoarele chei sunt adaugate in registri pentru a rula procesul la repornirea sistemului:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RUNSERVICES]
   • "Windows Update"="%WINDIR%\scvhost.exe"
   • "msconfig"="%WINDIR%\scvhost.exe"
   • "icq lite"="%WINDIR%\scvhost.exe"
   • "Update Checker"="%WINDIR%\scvhost.exe"
   • "AntiVir"="%WINDIR%\scvhost.exe"
   • @="%WINDIR%\scvhost.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Windows Update"="%WINDIR%\scvhost.exe"
   • "msconfig"="%WINDIR%\scvhost.exe"
   • "icq lite"="%WINDIR%\scvhost.exe"
   • "Update Checker"="%WINDIR%\scvhost.exe"
   • "AntiVir"="%WINDIR%\scvhost.exe"
   • @="%WINDIR%\scvhost.exe"

– [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
   • "run"="%WINDIR%\scvhost.exe"

Fisiere host Fisierul

– In acest caz, inregistrarile existente sunt sterse.

– Accesul la urmatoarele domenii este blocat:
   • dl1.avgate.net
   • dl2.avgate.net
   • dl3.avgate.net
   • dl4.avgate.net
   • dl5.avgate.net
   • dl6.avgate.net
   • dl7.avgate.net
   • dl8.avgate.net
   • dl9.avgate.net

Backdoor Servere contactate:
Urmatorul:
• arcrol3**********:1338

Astfel se pot transmite informatii si se poate obtine control la distanta.

Detaliile fisierului Limbaj de programare:
Limbaj de programare folosit: Visual Basic.

Description inserted by Gabriel Mustata on Friday, March 16, 2007
Description updated by Andrei Gherman on Monday, March 26, 2007

Back . . . .

Featured PC protection

Free products

Most popular

All products

Bundled Solutions

Workstation

Server

Bundled Solutions

Mail Gateways

Web Gateways

Collaboration Platforms

Home Products

Business Products

Virus Lab

More Support

Become an Avira Partner

Home Products

Business Products

Just want to evaluate a product?

Manuals and Tools