Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:VBS/Kryptik.155648
Date discovered:23/10/2013
Type:JavaScript
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:No
VDF version:7.11.109.52 - Wednesday, October 23, 2013
IVDF version:7.11.109.52 - Wednesday, October 23, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: VBS/Autorun.worm.aapf
     Avast: VBS:Decode-BL
     Microsoft: Worm:VBS/Jenxcus.K
     AVG: Exploit_c.YUV
     GData: Script.Packed.Cafas.A
     DrWeb: Trojan.Siggen5.60166


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

 Files It copies itself to the following locations:
   • %userprofile%\Start Menu\Programs\Startup\%sample_name%.vbs
   • %temp%\%sample_name%.vbs

 Registry One of the following values is added in order to run the process after reboot:

  [HKCU\software\microsoft\windows\currentversion\run]
   • "%sample_name%"="wscript.exe //B \"%temp%\%sample_name%.vbs\""

  [HKLM\software\microsoft\windows\currentversion\run]
   • "%sample_name%"="wscript.exe //B \"%temp%\%sample_name%.vbs\""

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • tdi**********to.org:86

 File details Programming language:
The malware program was written in Visual Basic.

Description inserted by Soe-liang Tan on Friday, October 25, 2013
Description updated by Soe-liang Tan on Friday, October 25, 2013

Back . . . .