Avira Virus Lab


  • Name
  • Date discovered
    Oct 26, 2015
  • VDF version (2012-11-28 09:07)

Stay safe from all these threats with Avira Free Antivirus.

Avira Free Antivirus Download Free

The term 'DDOS' denotes a program that is able to perform distributed denial of service attacks for instance on certain Internet sites.

  • VDF (2012-11-28 09:07)
  • Aliases
    Avast: Win32:ServStart-C
    AVG: Generic18.MDX
    ClamAV: Trojan.MicroFake-1
    Dr. Web: Trojan.DownLoader13.1900
    F-PROT: W32/MalwareF.YMPW (exact)
    Trend Micro: WORM_MICROFAKE.U
    Microsoft: DDoS:Win32/Nitol
    G Data: Trojan.Microfake.D
    Kaspersky Lab: Trojan.Win32.MicroFake.ba
    Bitdefender: Trojan.Microfake.D
    ESET: Win32/Agent.RNS trojan
  • Files
    The following files are created:
    • %SYSDIR%\emuimo.exe
    • %SYSDIR%\hra33.dll
    The following files are renamed:
    • %TEMPDIR%\hrl4E.tmp
    • %DISKDRIVE%\RCX4F.tmp
    The following files are deleted:
    • %SYSDIR%\hra33.dll
    The following copies of itself are created:
    • %DISKDRIVE%\RCX4F.tmp
    • %APPDATA%\Sun\Java\jre1.7.0_51\lpk.dll
    • %TEMPDIR%\Microsoft .NET Framework 4 Setup_4.0.30319\lpk.dll
    • %TEMPDIR%\lpk.dll
    • %TEMPDIR%\{62198C42-974B-4F90-9AD2-12763AB58C97}~setup\lpk.dll
    • %temporary internet files%\Content.IE5\5KMEPSXE\lpk.dll
    • %temporary internet files%\Content.IE5\LV2JIAKP\lpk.dll
    • %temporary internet files%\Content.IE5\QH9ZEEV0\lpk.dll
    • %DISKDRIVE%\hips\lpk.dll
    • %DISKDRIVE%\incoming\lpk.dll
    • %DISKDRIVE%\lpk.dll
    • %PROGRAM FILES%\Common Files\Java\Java Update\lpk.dll
    • %PROGRAM FILES%\Common Files\Microsoft Shared\DW\lpk.dll
    • %PROGRAM FILES%\Common Files\Microsoft Shared\MSInfo\lpk.dll
    • %PROGRAM FILES%\Common Files\Microsoft Shared\Speech\lpk.dll
    • %PROGRAM FILES%\FileZilla Server\lpk.dll
    • %PROGRAM FILES%\Internet Explorer\Connection Wizard\lpk.dll
    • %PROGRAM FILES%\Internet Explorer\lpk.dll
    • %PROGRAM FILES%\Java\jre7\bin\lpk.dll
    • %PROGRAM FILES%\Messenger\lpk.dll
    • %PROGRAM FILES%\Movie Maker\lpk.dll
    • %PROGRAM FILES%\Mozilla Firefox\lpk.dll
    • %PROGRAM FILES%\Mozilla Firefox\uninstall\lpk.dll
    • %PROGRAM FILES%\MSN\MSNCoreFiles\Install\MSN9Components\lpk.dll
    • %PROGRAM FILES%\MSN\MSNCoreFiles\Install\lpk.dll
    • %PROGRAM FILES%\MSN Gaming Zone\Windows\lpk.dll
    • %PROGRAM FILES%\NetMeeting\lpk.dll
    • %PROGRAM FILES%\Outlook Express\lpk.dll
  • Injections
    • %SYSDIR%\svchost.exe
  • Registry
    The following registry entries are added:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Distribumkq ("Type": dword:00000010; "Start": dword:00000002; "ErrorControl": dword:00000000; "ImagePath": "%SYSDIR%\emuimo.exe"; "DisplayName": "Distribuqre Transaction Coordinator Service"; "ObjectName": "LocalSystem")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Distribumkq\Security ("Security": %hex values%)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DISTRIBUMKQ ("NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DISTRIBUMKQ\0000 ("Service": "Distribumkq"; "Legacy": dword:00000001; "ConfigFlags": dword:00000000; "Class": "LegacyDriver"; "ClassGUID": "{8ECC055D-047F-11D1-A537-0000F8753ED1}"; "DeviceDesc": "Distribuqre Transaction Coordinator Service")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DISTRIBUMKQ\0000\Control ("*NewlyCreated*": dword:00000000; "ActiveService": "Distribumkq")
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Distribumkq\Enum ("0": "Root\LEGACY_DISTRIBUMKQ\0000"; "Count": dword:00000001; "NextInstance": dword:00000001)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent (@: dword:00000011)
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Distribumkq ("Description": "Distribuoxs Transaction Coordinator Service.")

Help make the web safer by sending us suspicious files/URLs to analyze

Submit your file/URL or Go to Avira Answers

Why submit a suspicious file?

If you encountered a suspicious file or website that’s not in our database, we’ll analyze it and determine whether it’s harmful. Our findings are then pushed out to our millions of users with their next virus database update. If you have Avira, you’ll get that update too. Don’t have Avira? Get it on our homepage.

What’s Avira Answers?

It’s our thriving community of technical professionals and part-time experts, working together to help solve tech problems. It’s the perfect place to pose your question to a community of fellow Avira users.