Virus: TR/Symmi.14078.6
Date discovered: 13/11/2013
Type: Trojan
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 729.600 Bytes
MD5 checksum: e6b6ec9f87625fff983c241e8106d620
VDF version: 7.11.113.114 - Wednesday, November 13, 2013
IVDF version: 7.11.113.114 - Wednesday, November 13, 2013

General

Method of propagation:
   • No own spreading routine


Alias:
   •  Eset: Win32/TrojanDownloader.Agent.AFD


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads files
   • Drops a file

Files

The following file is created:

– A temporary file that might be deleted afterwards:
   • %TEMPDIR%\%random character string%.tmp




It tries to download some files:

The location is the following:
   • http://givemefilesnow.info/get/?ver=**********&hid=f92d**********data=eUcE**********K8%2
It is saved on the local hard drive under: %temporary internet files%\%random%\%random%

The location is the following:
   • http://givemefilesnow.info/get/?ver=**********&hid=6080**********data=DK7srb**********6iQ5
It is saved on the local hard drive under: %temporary internet files%\%random%\%random%

Registry

The following registry key is added:

[HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings]
   • "ProxyEnable"=dword:00000000



The following registry key is changed:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
   Old value:
   • "MigrateProxy"=dword:00000001
     "ProxyEnable"=dword:00000000
   New value:
   • "MigrateProxy"=dword:00000001
     "ProxyEnable"=dword:00000000
     "ProxyServer"=-
     "ProxyOverride"=-
     "AutoConfigURL"=-

Description inserted by Jason Soo on Friday, November 15, 2013
Description updated by Jason Soo on Friday, November 15, 2013
