In the wild:
Low to medium
- Wednesday, July 5, 2006
Methods of propagation:
• Autorun feature
• Local network
• McAfee: W32/Autorun.worm.h
• Kaspersky: Backdoor.Win32.IRCBot.jwy
• Sophos: W32/SdBot-DKI
• Bitdefender: Trojan.Generic.1729343
• Panda: W32/Autorun.AOL
• GData: Trojan.Generic.1729343
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Third party control
• Drops malicious files
• Registry modification
It copies itself to the following locations:
The following file is created:
\autorun.inf This is a non-malicious text file with the following content:
%code that runs malware%
The following registry key is added:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions]
To ensure its propagation, the malware attempts to connect to other machines as described below.
It makes use of the following Exploits:
(Elevation of Privilege in SQL Server Web)
(Vulnerability in Server Service)
– It attempts to schedule remote execution of the malware on the newly infected machine, using the NetScheduleJobAdd function.
To deliver system information and to provide remote control it connects to the following IRC Server:
The malware program was written in MS Visual C++.
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Friday, March 25, 2011
Description updated by Petre Galan on Friday, March 25, 2011