Virus: TR/Buzus.HL.2619
Date discovered: 16/10/2012
Type: Trojan
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 356.865 Bytes
MD5 checksum: 4741971b343700489ba5bbb46d8030d2
VDF version: 7.11.46.96 - Tuesday, October 16, 2012
IVDF version: 7.11.46.96 - Tuesday, October 16, 2012

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Spy.Win32.Zbot.fsuo
   •  Sophos: Troj/Karag-K
   •  Bitdefender: Trojan.Generic.KDV.762117
   •  Eset: Win32/Spy.Zbot.AAN
   •  DrWeb: Trojan.PWS.Stealer.946


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops a file
   • Drops a malicious file

Files

The following files are created:

   • %APPDATA%\Itfa\obeg.exe
     It is executed after it has been fully created. Further investigation showed that this file is malware, too. Detected as: TR/Buzus.HL.2619

   • %TEMPDIR%\tmpf4e2fc6b.bat
     It is executed after it has been fully created. This batch file is used to delete a file.

Registry

The following registry key is added in order to run the process after reboot:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "{A0069593-15F8-AD7A-205B-36493F66155B}"="%APPDATA%\Itfa\obeg.exe"

Description inserted by Eric Burk on Wednesday, October 17, 2012
Description updated by Eric Burk on Wednesday, October 17, 2012
