This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
In the wild:
Low to medium
- Wednesday, February 17, 2010
Methods of propagation:
• Autorun feature
• Local network
• Bitdefender: Backdoor.SDBot.DGFO
• Eset: Win32/AutoRun.Agent.RF
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Third party control
• Drops malicious files
• Registry modification
It copies itself to the following locations:
The following files are created:
\auTORUN.inf This is a non malicious text file with the following content:
%code that runs malware%
It tries to executes the following file:
The following registry keys are added in order to run the processes after reboot:
In order to ensure its propagation the malware attemps to connect to other machines as described below.
It makes use of the following Exploits:
(Buffer Overrun in RPCSS Service)
(Vulnerability in Server Service)
IP address generation:
It creates random IP addresses while it keeps the first two octets from its own address. Afterwards it tries to establish a connection with the created addresses.
To deliver system information and to provide remote control it connects to the following IRC Server:
– It injects itself as a remote thread into a process.
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.
Description inserted by Petre Galan on Tuesday, August 10, 2010
Description updated by Petre Galan on Thursday, August 12, 2010
Get in touch
Questions? We are happy to help you.
1 800 403 7019
Start a chat
Send an email
Find a solution in our Avira Answers community
Send an email
Case Record Type