In the wild:
Low to medium
Low to medium
- Thursday, December 4, 2008
Method of propagation:
• Symantec: W32.Ackantta@mm
• McAfee: W32/Xirtem@MM virus !!!
• Kaspersky: Trojan-Banker.Win32.Banker.abbi
• Grisoft: Downloader.Agent.APQJ
• Bitdefender: Win32.Worm.McMaggot.A
It was previously detected as:
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
• Drops a malicious file
• Uses its own Email engine
• Lowers security settings
• Registry modification
It copies itself to the following location:
The following file is created:
• \qnx.exe
Furthermore, it is executed once it has been fully created. Further investigation showed that this file is malware, too. Detected as:
One of the following values is added in order to run the process after reboot:
• "Wind River Systems"="c:\windows\\system32\\vxworks.exe"
The following registry keys are changed:
It contains an integrated SMTP engine for sending emails. It establishes a direct connection with the destination server. Its characteristics are described below:
The sender address is spoofed.
The sender of the email is one of the following:
One of the following:
• Coca Cola is proud to accounce our new Christmas Promotion.
• Mcdonalds wishes you Merry Christmas!
• You've received A Hallmark E-Card!
The filename of the attachment is one of the following:
The attachment is an archive containing a copy of the malware itself.
The malware program was written in MS Visual C++.
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.
Description inserted by Alexander Neth on Thursday, December 4, 2008
Description updated by Alexander Neth on Thursday, December 4, 2008