Need help? Ask the community or hire an expert.
Go to Avira Answers
Nume:WORM/Rebhip.A.3001
Descoperit pe data de:22/06/2011
Tip:Vierme
ITW:Nu
Numar infectii raportate:Scazut
Potential de raspandire:Scazut
Potential de distrugere:Scazut spre mediu
Fisier static:Da
Marime:356.352 Bytes
MD5:5D39AFF39F79D959DA7AE13424CAF68D
Versiune VDF:7.11.10.68 - miercuri, 22 iunie 2011
Versiune IVDF:7.11.10.68 - miercuri, 22 iunie 2011

 General Alias:
   •  Kaspersky: Backdoor.Win32.Ruskill.df
   •  TrendMicro: BKDR_RUSKILL.ITW
   •  Sophos: Mal/VB-YG


Sistem de operare:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7


Efecte secundare:
   • Creeaza fisiere
   • Modificari in registri

 Fisiere Se copiaza in urmatoarea locatie:
   • C:\directory\CyberGate\install\windosdateor.exe



Sunt create fisierele:

%TEMPDIR%\XxX.xXx Informatii obtinute despre sistem.
%TEMPDIR%\UuU.uUu Informatii obtinute despre sistem.

 Registrii sistemului Se adauga una din valorile urmatoare pentru fiecare cheie din registri, pentru a porni procesul dupa reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "HKCU"="c:\directory\CyberGate\install\windosdateor.exe"

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
   Run]
   • "Policies"="c:\directory\CyberGate\install\windosdateor.exe"

  [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
   Run]
   • "Policies"="c:\directory\CyberGate\install\windosdateor.exe"

Description inserted by Andrei Ilie on Thursday, October 20, 2011
Description updated by Andrei Ilie on Monday, October 24, 2011

Back . . . .