Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:20/12/2013
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
VDF version: - Thursday, December 19, 2013
IVDF version: - Thursday, December 19, 2013

 General Method of propagation:
    Autorun feature

   •  Symantec: VBS.Downloader.Trojan
   •  Mcafee: VBS/Autorun.worm.aafu
   •  Kaspersky: Worm.VBS.Dinihou.c
   •  TrendMicro: VBS_DUNIHI.SM
   •  F-Secure: Worm.Vbs.CN
   •  Sophos: VBS/Safa-A
   •  Bitdefender: Worm.Vbs.CN
     Avast: VBS:Decode-BK [Trj]
     Microsoft: Worm:VBS/Jenxcus.AP
   •  Panda: VBS/Downloader.WLU
   •  Eset: VBS/Agent.NDE
     GData: Worm.Vbs.CN
     Fortinet: VBS/Agent.NDE
     Ikarus: VBS.Decode
     Norman: Agent.AZJGG

Platforms / OS:
   • Windows XP
    Windows Vista
    Windows Server 2008
    Windows 7

Side effects:
    Can be used to execute malicious code
   • Steals information

 Files It copies itself to the following locations:
   • %HOME%Start MenuProgramsStartup\%executed file%
   • %HOME%Application Data\%executed file%

 Registry The following registry key is added in order to run the process after reboot:

   • "%executed file% "="wscript.exe //B "%HOME%\Application Data\%executed file% ""

 Backdoor Contact server:
The following:
   • http://who**********

Description inserted by Elias Lan on Sunday, December 22, 2013
Description updated by Elias Lan on Sunday, December 22, 2013

Back . . . .