TR/Kebede.F - Trojan
Virus: TR/Kebede.F
Date discovered: 29/06/2005
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: High
Static file: Yes
File size: 12.304 Bytes
MD5 checksum: d8b6aa4bf9ae89ca1eff5d86c4f45905
VDF version: 6.31.00.122 - Wed, 29 Jun 2005 16:00 (GMT+1)
General
Method of propagation:
• No own spreading routine
Aliases:
• TrendMicro: TROJ_KEDEBE.E
• Bitdefender: Trojan.Vb.ZX
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Blocks access to certain websites
• Lowers security settings
Files
It deletes files that contain one of the following substrings:
Hosts
The hosts file is modified as follows:
– In this case existing entries are deleted.
– Access to the following domains is effectively blocked:
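A defender can check a hosts file for this kind of tampering. The following is an added example, not part of the original description: it parses hosts-file text and flags active entries that pin a watched domain (or a subdomain of it) to an address. The watchlist domains and the sample file are constructed placeholders, and treating loopback or unspecified addresses as the blocking form is an assumption, since the page does not show the modified file.

```python
import ipaddress

# Constructed watchlist: placeholders for the security-vendor and OS-update
# domains that must stay reachable (assumption, not values from the page).
WATCHLIST = {"av-vendor.example", "os-update.example"}

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every active hosts-file entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or malformed line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        # Hostnames are case-insensitive; a trailing dot is the same name.
        yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def on_watchlist(host, watchlist):
    """True for an exact match or a subdomain, not for a mere string suffix."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings for watched domains that the hosts file overrides."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        # Assumption: loopback/unspecified targets mean the domain is blocked;
        # any other override of a watched domain still deserves a review.
        blocked = ip.is_loopback or ip.is_unspecified
        for host in hosts:
            if on_watchlist(host, watchlist):
                findings.append({"line": no, "host": host, "ip": str(ip),
                                 "severity": "high" if blocked else "review"})
    return findings

# Constructed sample hosts file.
SAMPLE = """\
# constructed hosts file
127.0.0.1 localhost
127.0.0.1 av-vendor.example www.av-vendor.example
0.0.0.0   download.os-update.example   # trailing comment
10.1.2.3  intranet.corp.example
# 127.0.0.1 os-update.example
203.0.113.9 OS-Update.example.
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

On Windows NT-family systems the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`. Because the trojan also deletes existing entries, comparing the file against a known-good baseline complements this check.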
Process termination
Processes with one of the following strings are terminated:
Miscellaneous
Mutex:
It creates the following Mutex:
• DroppedKebede
File details
Programming language:
The malware program was written in Visual Basic.
Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
• UPX
Description inserted by Irina Boldea on Tue, 28 Mar 2006 10:09 (GMT+1)
Description updated by Irina Boldea on Tue, 28 Mar 2006 13:51 (GMT+1)