Full description

Nume:	Worm/Koobface.aec
Descoperit pe data de:	19/06/2009
Tip:	Vierme
ITW:	Da
Numar infectii raportate:	Scazut spre mediu
Potential de raspandire:	Scazut
Potential de distrugere:	Scazut spre mediu
Fisier static:	Da
Marime:	81.920 Bytes
MD5:	d5833861893cd5ba15efd88bb91d1d8e
Versiune IVDF:	7.01.04.114 - Friday, June 19, 2009

General Alias:
   • Sophos: Mal/Koobface-E
   • Bitdefender: Trojan.Generic.4061407
   • Panda: Adware/TotalPCDefender2010
   • Eset: Win32/Koobface.NCX

Sistem de operare:
   • Windows 2000
   • Windows XP
   • Windows 2003

Efecte secundare:
   • Descarca fisiere malware
   • Creeaza fisiere malware
   • Modificari in registri

Fisiere Se copiaza in urmatoarea locatie:
   • %unitate disc%\windows\bill110.exe

Suprascrie un fisier.
– %WINDIR%\bill110.exe

Sterge copia initiala a virusului.

Este creat fisierul:

– %WINDIR%\dxxdv34567.bat

Incearca sa descarce cateva fisiere:

– Adresele sunt urmatoarele:
   • http://store.retrobutiken.se/**********/?action=%sir de caractere%&v=%numar%&crc=%numar%
   • http://store.retrobutiken.se/**********/?action=%sir de caractere%&a=%sir de caractere%&v=%numar%&c_fb=%numar%&ie=%sir de caractere%

– Adresa este urmatoarea:
   • http://welovetweet.com/**********/?getexe=%sir de caractere%

Incearca sa execute urmatoarele fisiere:

– Numele fisierului:
   • %WINDIR%\bill110.exe

– Numele fisierului:
   • cmd /c %WINDIR%\dxxdv34567.bat

Registrii sistemului Urmatoarea cheie este adaugata in registri pentru a rula procesul la repornirea sistemului:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "sysfbtray"="%WINDIR%\bill110.exe"

Se adauga in registrii sistemului:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
• "tp"="1000"

Alte informatii Cauta o conexiune Internet, contactand urmatorul website:
• http://www.google.com

Detaliile fisierului Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit un program de compresie runtime.

Description inserted by Petre Galan on Monday, August 9, 2010
Description updated by Petre Galan on Monday, August 9, 2010

Back . . . .

Featured PC protection

Free products

Most popular

All products

Bundled Solutions

Workstation

Server

Bundled Solutions

Mail Gateways

Web Gateways

Collaboration Platforms

Home Products

Business Products

Virus Lab

More Support

Become an Avira Partner

Home Products

Business Products

Just want to evaluate a product?

Manuals and Tools