Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:TR/Winlock.GH
Date discovered:02/08/2012
Type:Trojan
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Low
File size:767.030 Bytes
MD5 checksum:495fd35d25451caee38013c5b70B0Ece
VDF version:7.11.38.136 - Thursday, August 2, 2012
IVDF version:7.11.38.136 - Thursday, August 2, 2012

 General Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
    Can be used to execute malicious code
    Can be used to modify system settings that allow or augment potential malware behaviour.

 Miscellaneous Event handler:
It creates the following Event handlers:
   • DisableTaskMgr
   • SeDebugPrivilege
   • CreateToolhelp32Snapshot
   • Process32Next
   • Process32First
   • FindWindow
   • CreateFile
   • CreateService
   • StartService


String:
Furthermore it contains the following strings:
   • SIWVID
   • NTICE
   • SICE
   • checkprotection

Description inserted by Wensin Lee on Friday, August 3, 2012
Description updated by Wensin Lee on Friday, August 3, 2012

Back . . . .