Virus: TR/Crypt.ZPACK.31514
Date discovered: 23/10/2013
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
VDF version: 7.11.109.38 - Wednesday, October 23, 2013
IVDF version: 7.11.109.38 - Wednesday, October 23, 2013

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: Artemis!14D17E650596
   •  Kaspersky: Trojan-Dropper.Win32.Agent.itob
   •  F-Secure: Gen:Trojan.Heur.FU.dq1@aqYa@Tmi
   •  Sophos: Mal/Generic-S
   •  Bitdefender: Gen:Trojan.Heur.FU.dq1@aqYa@Tmi
   •  Avast: Win32:Malware-gen
   •  AVG: Dropper.Agent.BFTK
   •  Eset: Win32/Refeys.A
   •  GData: Gen:Trojan.Heur.FU.dq1@aqYa@Tmi
   •  Fortinet: W32/Shiz.NCF!tr


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used by rogue users or malware to lower security settings
   • Records keystrokes
   • Registry modification
   • Steals information

Files
It copies itself to the following location:
   • %TEMPDIR%\172.tmp.exe

Registry
The following registry key is added in order to run the process after reboot:

– HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
   • MicrosoftUpdate = %TEMPDIR%\172.tmp.exe

Backdoor
Contact server:
One of the following:


Description inserted by Elias Lan on Sunday, November 3, 2013
Description updated by Elias Lan on Sunday, November 3, 2013
