In the wild:
Low to medium
- Wednesday, March 4, 2009
• McAfee: W32/Koobface.worm.gen.e
• Sophos: W32/Koobfa-Gen
• Panda: W32/Koobface.AW.worm
• ESET: Win32/Koobface.NAY
• Bitdefender: Win32.Worm.Koobface.AO
Platforms / OS:
• Windows 2000
• Windows XP
• Windows 2003
• Downloads a malicious file
• Drops malicious files
• Registry modification
It copies itself to the following location:
The following file is created:
\9gdfgjf23 This is a non-malicious text file with the following content:
%code that runs malware%
It tries to download a file:
– The locations are the following:
At the time of writing this file was not online for further investigation.
One of the following values is added in order to run the process after reboot:
To make detection harder and to reduce the size of the file, it is packed with a runtime packer.
Description inserted by Petre Galan on Monday, March 15, 2010
Description updated by Petre Galan on Monday, March 15, 2010