Name: DR/Setty.O
Discovered on: 22/12/2010
Type: Trojan
ITW: No
Number of reported infections: Low to medium
Spread potential: Low
Damage potential: Low to medium
Static file: Yes
Size: 1,963,643 Bytes
MD5: 459dedf5135d8d6eff5a08d62f328f5d
VDF version: 7.10.07.72
IVDF version: 7.11.00.144 - Wednesday, 22 December 2010

General aliases:
   •  Mcafee: Artemis!459DEDF5135D
   •  Kaspersky: Trojan-Dropper.Win32.StartPage.dvd
   •  AVG: Generic3_c.BNCJ


Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Registry modifications

Files  Deletes the following files:
   • %PROGRAM FILES%\prgenerate\is-LGRJ3.tmp
   • %PROGRAM FILES%\prgenerate\is-L45BV.tmp
   • %PROGRAM FILES%\prgenerate\is-Q79BP.tmp



The following files are created:

%WINDIR%\vistaw7\Config.ini
%WINDIR%\vistaw7\rd.txt
%WINDIR%\Condu.lnk This is a harmless text file with the following content:
   • %code that runs the malicious file%

%PROGRAM FILES%\prgenerate\unins000.exe
%PROGRAM FILES%\prgenerate\Install.tmp
%WINDIR%\vistaw7\infofile.tmp
%WINDIR%\vistaw7\tuangou.ico
%PROGRAM FILES%\prgenerate\is-Q79BP.tmp
%WINDIR%\vistaw7\canyou.ucan
%PROGRAM FILES%\prgenerate\InstallDll.dll
%PROGRAM FILES%\prgenerate\unins000.dat
%WINDIR%\vistaw7\comrundu.ducc
%WINDIR%\vistaw7\taobao.ico
%PROGRAM FILES%\prgenerate\is-LGRJ3.tmp
%WINDIR%\vistaw7\Install.tmp
%PROGRAM FILES%\prgenerate\is-L45BV.tmp
%WINDIR%\vistaw7\nwinms.inn
%WINDIR%\vistaw7\honst.uic



Tries to execute the following files:

– Filename:
   • "%SYSDIR%\rundll32.exe" "%WINDIR%\vistaw7\comrundu.ducc" frmwind


– Filename:
   • "%SYSDIR%\rundll32.exe" "%WINDIR%\vistaw7\canyou.ucan" showme1


– Filename:
   • "%PROGRAM FILES%\Internet Explorer\IEXPLORE.EXE" -nohome

System registry  The following keys are added to the system registry:

– [HKLM\SOFTWARE\Classes\uic\Shell\Open\Command]
   • "@"=""Rundll32.exe" "%WINDIR%\vistaw7\nwinms.inn" readfile"

– [HKLM\SOFTWARE\Classes\.uic]
   • "@"="uic"

– [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
   {5E8C4B88-9431-4742-BC1F-8D70D7A89402}_is1]
   • "DisplayName"="3.1.0.2"
   • "Inno Setup: App Path"="%PROGRAM FILES%\prgenerate"
   • "Inno Setup: Icon Group"="prgenerate"
   • "Inno Setup: Setup Version"="5.2.3"
   • "Inno Setup: User"="Administrator"
   • "InstallDate"="20110509"
   • "InstallLocation"="%PROGRAM FILES%\prgenerate\"
   • "NoModify"=dword:0x00000001
   • "NoRepair"=dword:0x00000001
   • "QuietUninstallString"=""%PROGRAM FILES%\prgenerate\unins000.exe" /SILENT"
   • "UninstallString"=""%PROGRAM FILES%\prgenerate\unins000.exe""

– [HKLM\SOFTWARE\Classes\uic\Shell\Open]
   • "@"=""



The following registry keys are modified:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "CompatibilityFlags"=dword:0x00000000
   • "FullScreen"="no"
   • "Window_Placement"=hex:2C,00,00,00,00,00,00,00,01,00,00,00,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,FF,8E,00,00,00,B1,00,00,00,AE,03,00,00,09,03,00,00

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
   Zones]
   New value:
   • "SecuritySafe"=dword:0x00000001

– [HKLM\SOFTWARE\Classes\TypeLib\
   {1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
   New value:
   • "@"="oleacc.dll"

Other information  Accesses resources on the internet:
   • http://www.34com.com/ppsr/Downsoft/**********
   • http://www.07783.com/ppsr/Downsoft/**********
   • http://www.34com.com:8080/**********?mac=%string%&id=%number%
   • http://www.szc**********.com/
   • http://www.456t.com/**********

Description inserted by Petre Galan on Monday, May 9, 2011
Description updated by Petre Galan on Thursday, May 12, 2011