In the wild:
- Wednesday, August 5, 2009
• McAfee: W32/Koobface.worm.gen.e
• Panda: W32/Koobface.EC.worm
• Eset: Win32/Koobface.NCF
• Bitdefender: Worm.Generic.79123
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Downloads malicious files
• Drops malicious files
• Registry modification
It copies itself to the following location:
It deletes the initially executed copy of itself.
It deletes the following files:
The following files are created:
– c:\2.reg This is a non-malicious text file with the following content:
%code that runs malware%
\34rdft.bat Furthermore, it is executed after it has been fully created. This batch file is used to delete a file.
%malware execution directory%
It tries to download some files:
– The locations are the following:
– The location is the following:
The following registry key is added:
– [HKLM\SOFTWARE\Classes\Mime\Database\Content Type\
Checks for an internet connection by contacting the following web site:
To make detection harder and to reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Tuesday, March 16, 2010
Description updated by Petre Galan on Wednesday, March 17, 2010