Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:EXP/Pidief.aom
Date discovered:21/02/2012
Type:Exploit
In the wild:Yes
Reported Infections:High
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
VDF version:7.11.23.180 - Tuesday, February 21, 2012
IVDF version:7.11.23.180 - Tuesday, February 21, 2012

 General Method of propagation:
   • By visiting infected websites


Aliases:
     Microsoft: Exploit:Win32/Pdfjsc.ZZ
     DrWeb: Exploit.PDF.2743


Platforms / OS:
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
    Drive-by download

 Files It tries to download some files:

The location is the following:
   • http://agentur-ratte.de/lutoma/cln/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

The location is the following:
   • http://dylanpatton.de/mtpforum/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

The location is the following:
   • http://moc-steinsberg.de/main/Vorstand/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

 File details Programming language:
 • JavaScript


Encryption:
Encrypted - The virus code inside the file is encrypted.

Description inserted by Alexander Bauer on Tuesday, February 21, 2012
Description updated by Alexander Bauer on Tuesday, February 21, 2012

Back . . . .