TR/NSAnti.B.7 - Trojan
Virus: TR/NSAnti.B.7
Date discovered: 29/07/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 42.102 Bytes
MD5 checksum: caf96db786db731ed89d4ec7a7596ea5
VDF version: 6.35.01.20
IVDF version: 6.35.01.20
General
• Symantec: Trojan.PWS.QQPass
• TrendMicro: TSPY_QQPASS.QM
• Bitdefender: Trojan.NSAnti.B
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows ME
Side effects:
• Drops a file
• Drops a malicious file
• Records keystrokes
• Registry modification
• Steals information
Files
It copies itself to the following location:
• %PROGRAM FILES%\Internet Explorer\PLUGINS\system.jmp
It deletes the following files:
• %WINDIR%\DESKTOP\WODEXIAOSHIHOUCHAONAORENXINGDESHIHOU
• %WINDIR%\DESKTOP\WAIOZONGSHICHANGGEHONGWONAHSOUGEHAOXIANGZHEYANGCHANGDEWODEGUXIANGZAIYUANFANG
• %WINDIR%\DESKTOP\TIANHEIHEITIOOTIANTIANDOUYAONIAIWODEXINSIYOUNICAIBUYAOWENWOCONGNALILAI
• %WINDIR%\DESKTOP\NPKCRYPT.SYS
The following file is created:
– %PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys
  Further investigation pointed out that this file is malware, too. Detected as: TR/PSW.QQRob.GD
Registry
– HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks
• "{C9953583-932E-4EA1-A04B-4523AAB72C30}"=""
The following registry key is added:
– HKCR\CLSID\{C9953583-932E-4EA1-A04B-4523AAB72C30}\InProcServer32
• "Default"="%PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys"
• "ThreadingModel"="Apartment"
Backdoor
Sends information about:
• Cached passwords
Injection
– It injects the following file into a process: %PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys
– It injects itself as a thread into a process.
Process name:
• %all running processes%
File details
Programming language:
The malware program was written in Delphi.
Description inserted by Bogdan Iliuta on Wed, 09 Aug 2006 12:26 (GMT+1)
Description updated by Andrei Ivanes on Mon, 14 Aug 2006 16:19 (GMT+1)
© 2009 Avira GmbH