Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:VBS/Dinihou.A.3
Date discovered:20/02/2014
Type:HTML
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
File size:~ 73.000 Bytes
VDF version:7.11.132.250 - Thursday, February 20, 2014
IVDF version:7.11.132.250 - Thursday, February 20, 2014

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: VBS/Autorun.worm.aapj
   •  Kaspersky: Worm.VBS.Dinihou.a
   •  TrendMicro: VBS_DUNIHI.SM3
   •  Sophos: VBS/Dinihou-A
   •  Bitdefender: Worm.VBS.Dunihi.W
     Avast: VBS:Houdini-F
     Microsoft: Worm:VBS/Jenxcus.BB
   •  Eset: VBS/Kryptik.N trojan
     Norman: Trojan text/Kryptik.CDCO


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
   • Drops malicious files
   • Registry modification

 Files It copies itself to the following locations:
   • %HOME%\Start Menu\Programs\Startup\%executed file%
   • %TEMPDIR%\%executed file%

 Registry The following registry key is added in order to run the process after reboot:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%executed file's name without extension%"="wscript.exe //B %TEMPDIR%\%executed file%"

Description inserted by Alexander Bauer on Saturday, February 22, 2014
Description updated by Alexander Bauer on Saturday, February 22, 2014

Back . . . .