In the wild:
- Wednesday, August 5, 2009
• McAfee: W32/Koobface.worm.gen.e
• Panda: W32/Koobface.EC.worm
• ESET: Win32/Koobface.NCF
• Bitdefender: Worm.Generic.79123
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Downloads malicious files
• Drops malicious files
• Registry modification
It copies itself to the following location:
It deletes the initially executed copy of itself.
It deletes the following files:
The following files are created:
– c:\2.reg This is a non-malicious text file with the following content:
%code that runs malware%
\34rdft.bat Furthermore, it is executed after it has been fully created. This batch file is used to delete a file.
%malware execution directory%
It tries to download some files:
– The locations are the following:
– The location is the following:
The following registry key is added:
– [HKLM\SOFTWARE\Classes\Mime\Database\Content Type\
Checks for an internet connection by contacting the following web site:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Tuesday, March 16, 2010
Description updated by Petre Galan on Wednesday, March 17, 2010