Descripción completa

Nombre:	Worm/Kolab.esh.2
Descubierto:	12/11/2009
Tipo:	Gusano
En circulación (ITW):	Sí
Número de infecciones comunicadas:	Medio-bajo
Potencial de propagación:	Medio-bajo
Potencial dañino:	Medio
Fichero estático:	Sí
Tamaño:	140.800 Bytes
Suma de control MD5:	1273c9e8b0ab30604c4d9dd195b86e43
Versión del IVDF:	7.01.06.229 - jueves, 12 de noviembre de 2009

General Método de propagación:
   • Autorun feature (es)

Alias:
   • Sophos: Troj/IRCbot-AGK
   • Panda: W32/P2PWorm.HQ
   • Eset: Win32/AutoRun.IRCBot.DI
   • Bitdefender: Trojan.Delf.Agent.X

Plataformas / Sistemas operativos:
   • Windows 2000
   • Windows XP
   • Windows 2003

Efectos secundarios:
   • Bloquea el acceso a ciertos sitios web
   • Bloquea el acceso a portales de seguridad
   • Suelta ficheros dañinos
   • Reduce las opciones de seguridad
   • Modificaciones en el registro
   • Posibilita el acceso no autorizado al ordenador

Ficheros Se copia a sí mismo en las siguientes ubicaciones:
   • %SYSDIR%\wmisprc.exe
   • \RECDIR-5902\data.sys

Elimina la copia inicial del virus.

Elimina el siguiente fichero:
   • %SYSDIR%\drivers\etc\hosts

Crea los siguientes ficheros:

– \autorun.inf Este es un fichero de texto que no presenta riesgo alguno e incluye el siguiente contenido:
   •

– %SYSDIR%\drivers\debug32.sys Los análisis adicionales indicaron que este fichero es también viral. Detectado como: Worm/IrcBot.11656.6

Intenta ejecutar los ficheros siguientes:

– Ejecuta uno de los ficheros siguientes:
   • sc config avg8wd start= disabled

– Ejecuta uno de los ficheros siguientes:
   • net stop NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • "%SYSDIR%\wmisprc.exe"

– Ejecuta uno de los ficheros siguientes:
   • CMD /C del /F /S /Q *.com

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc stop NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • ipconfig /flushdns

– Ejecuta uno de los ficheros siguientes:
   • net1 stop avg8wd

– Ejecuta uno de los ficheros siguientes:
   • sc delete avg8wd

– Ejecuta uno de los ficheros siguientes:
   • sc config NOD32krn start= disabled

– Ejecuta uno de los ficheros siguientes:
   • net stop avg8wd

– Ejecuta uno de los ficheros siguientes:
   • CMD /C net stop NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc config avg8wd start= disabled

– Ejecuta uno de los ficheros siguientes:
   • sc stop NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc delete avg8wd

– Ejecuta uno de los ficheros siguientes:
   • CMD /C net stop avg8wd

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc delete NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • net1 stop NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • sc stop avg8wd

– Ejecuta uno de los ficheros siguientes:
   • CMD /C del /F /S /Q *.zip

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc config NOD32krn start= disabled

– Ejecuta uno de los ficheros siguientes:
   • CMD /C sc stop avg8wd

– Ejecuta uno de los ficheros siguientes:
   • sc delete NOD32krn

– Ejecuta uno de los ficheros siguientes:
   • CMD /C del /F /S /Q *.scr

Registro Añade uno de los siguientes valores en el registro, para ejecutar los procesos al reiniciar el sistema:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="ctfmon.exe"

Añade las siguientes claves al registro:

– [HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ctfmon.exe]
   • "Debugger"="wmisprc.exe"

– [HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001

– [HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
   • "DoNotAllowXPSP2"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%SYSDIR%\wmisprc.exe"="DisableNXShowUI"

Modifica las siguientes claves del registro:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   Nuevo valor:
   • "DisableSR"=dword:0x00000001

Varias opciones de configuración en Explorer:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   Nuevo valor:
   • "Hidden"=dword:0x00000002

– [HKLM\SYSTEM\CurrentControlSet\Control]
   Nuevo valor:
   • "WaitToKillServiceTimeout"="7000"

– [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   Nuevo valor:
   • "ctfmon.exe"="ctfmon.exe"

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   Nuevo valor:
   • "%SYSDIR%\wmisprc.exe"="%SYSDIR%\wmisprc.exe:*:Enabled:Windows Live"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\SuperHidden]
   Nuevo valor:
   • "CheckedValue"=dword:0x00000001

– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
   Nuevo valor:
   • "restrictanonymous"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Ole]
   Nuevo valor:
   • "EnableDCOM"="N"

– [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
   Nuevo valor:
   • "ctfmon.exe"="ctfmon.exe"

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   Nuevo valor:
   • "%SYSDIR%\wmisprc.exe"="%SYSDIR%\wmisprc.exe:*:Enabled:Windows Live"

– [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   Nuevo valor:
   • "Start"=dword:0x00000004

IRC Para enviar informaciones y proporcionar control remoto, se conecta al siguiente servidor IRC:

Servidor: merlin.fl**********.info
Puerto: 40931
Canal: #w1sd0m
Apodo: [00|USA|XP|%número%]

Ficheros host El fichero host es modificado de la siguiente manera:

– El acceso a los siguientes dominios es redirigido a otras destinaciones:
   • 209.85.225.99 msnfix.changelog.fr;
      209.85.225.99 www.incodesolutions.com;
      209.85.225.99 virusinfo.prevx.com;
      209.85.225.99 download.bleepingcomputer.com;
      209.85.225.99 www.dazhizhu.cn; 209.85.225.99 foro.noticias3d.com;
      209.85.225.99 www.nabble.com; 209.85.225.99 lurker.clamav.net;
      209.85.225.99 lexikon.ikarus.at;
      209.85.225.99 research.sunbelt-software.com;
      209.85.225.99 www.virusdoctor.jp; 209.85.225.99 www.elitepvpers.de;
      209.85.225.99 guru.avg.com; 209.85.225.99 www.superuser.co.kr;
      209.85.225.99 ntfaq.co.kr; 209.85.225.99 v.dreamwiz.com;
      209.85.225.99 cit.kookmin.ac.kr; 209.85.225.99 forums.whatthetech.com;
      209.85.225.99 forum.hijackthis.de; 209.85.225.99 avg.vo.llnwd.net;
      209.85.225.99 www.huaifai.go.th; 209.85.225.99 www.mostz.com;
      209.85.225.99 www.krupunmai.com; 209.85.225.99 www.cddchiangmai.net;
      209.85.225.99 forum.malekal.com; 209.85.225.99 tech.pantip.com;
      209.85.225.99 sapcupgrades.com;
      209.85.225.99 www.elguruinformatico.com;
      209.85.225.99 www.247fixes.com; 209.85.225.99 forum.sysinternals.com;
      209.85.225.99 forum.telecharger.01net.com; 209.85.225.99 sophos.com;
      209.85.225.99 foros.softonic.com;
      209.85.225.99 avast-home.uptodown.com;
      209.85.225.99 dr-web-cureit.softonic.com;
      209.85.225.99 www.f-secure.com; 209.85.225.99 www.chkrootkit.org;
      209.85.225.99 diamondcs.com.au; 209.85.225.99 www.rootkit.nl;
      209.85.225.99 www.sysinternals.com; 209.85.225.99 z-oleg.com;
      209.85.225.99 espanol.dir.groups.yahoo.com;
      209.85.225.99 www.castlecrops.com; 209.85.225.99 www.misec.net;
      209.85.225.99 safecomputing.umn.edu;
      209.85.225.99 www.antirootkit.com; 209.85.225.99 www.greatis.com;
      209.85.225.99 ar.answers.yahoo.com; 209.85.225.99 www.elhacker.org;
      209.85.225.99 www.rootkit.com; 209.85.225.99 www.pctools.com;
      209.85.225.99 www.pcsupportadvisor.com;
      209.85.225.99 www.resplendence.com;
      209.85.225.99 www.personal.psu.edu; 209.85.225.99 foro.ethek.com;
      209.85.225.99 foro.elhacker.net; 209.85.225.99 vil.nail.com;
      209.85.225.99 search.mcafee.com; 209.85.225.99 wwww.mcafee.com;
      209.85.225.99 download.nai.com;
      209.85.225.99 wwww.experts-exchange.com;
      209.85.225.99 www.bakunos.com; 209.85.225.99 www.darkclockers.com;
      209.85.225.99 www.Merijn.org; 209.85.225.99 www.spywareinfo.com;
      209.85.225.99 www.spybot.info; 209.85.225.99 www.viruslist.com;
      209.85.225.99 www.hijackthis.de; 209.85.225.99 www.f-secure.com;
      209.85.225.99 forum.kaspersky.com;
      209.85.225.99 es.trendmicro-europe.com; 209.85.225.99 majorgeeks.com;
      209.85.225.99 www.avp.com; 209.85.225.99 www.virustotal.com;
      209.85.225.99 www.sophos.com; 209.85.225.99 linhadefensiva.uol.com.br;
      209.85.225.99 cmmings.cn; 209.85.225.99 www.sergiwa.com;
      209.85.225.99 www.el-hacker.com; 209.85.225.99 www.avg-antivirus.net;
      209.85.225.99 www.kaspersky-labs.com; 209.85.225.99 www.kaspersky.com;
      209.85.225.99 www.bleepingcomputer.com;
      209.85.225.99 www.free.grisoft.com;
      209.85.225.99 alerta-antivirus.inteco.es;
      209.85.225.99 securityresponse.symantec.com;
      209.85.225.99 www.analysis.seclab.tuwien.ac.at;
      209.85.225.99 www.symantec.com; 209.85.225.99 www.kztechs.com;
      209.85.225.99 ad-aware-se.uptodown.com;
      209.85.225.99 stdio-labs.blogspot.com;
      209.85.225.99 liveupdate.symantecliveupdate.com;
      209.85.225.99 liveupdate.symantec.com;
      209.85.225.99 customer.symantec.com;
      209.85.225.99 update.symantec.com; 209.85.225.99 www.box.net;
      209.85.225.99 foro.el-hacker.com; 209.85.225.99 www.mcafee.com;
      209.85.225.99 www.free.avg.com; 209.85.225.99 download.mcafee.com;
      209.85.225.99 mast.mcafee.com; 209.85.225.99 www.tecno-soft.com;
      209.85.225.99 ladooscuro.es; 209.85.225.99 ftp.drweb.com;
      209.85.225.99 download.microsoft.comguru0.grisoft.cz;
      209.85.225.99 guru1.grisoft.cz; 209.85.225.99 guru2.grisoft.cz;
      209.85.225.99 guru3.grisoft.cz;
      209.85.225.99 download.bleepingcomputer.com;
      209.85.225.99 it.answers.yahoo.com; 209.85.225.99 www.softonic.com;
      209.85.225.99 guru4.grisoft.cz; 209.85.225.99 guru5.grisoft.cz;
      209.85.225.99 www.virusspy.com;
      209.85.225.99 www.download.f-secure.com;
      209.85.225.99 www.malwareremoval.com; 209.85.225.99 forums.cnet.com;
      209.85.225.99 foros.softonic.com;
      209.85.225.99 hjt-data.trend-braintree.com;
      209.85.225.99 www.pantip.com; 209.85.225.99 secubox.aldria.com;
      209.85.225.99 www.forospyware.com;
      209.85.225.99 www.manuelruvalcaba.com;
      209.85.225.99 www.zonavirus.com; 209.85.225.99 www.leforo.com;
      209.85.225.99 www.siteadvisor.com; 209.85.225.99 blog.threatfire.com;
      209.85.225.99 www.threatexpert.com; 209.85.225.99 blog.hispasec.com;
      209.85.225.99 www.configurarequipos.com;
      209.85.225.99 sosvirus.changelog.fr; 209.85.225.99 www.psicofxp.com;
      209.85.225.99 mailcenter.rising.com.cn;
      209.85.225.99 mailcenter.rising.com; 209.85.225.99 www.rising.com.cn;
      209.85.225.99 www.rising.com; 209.85.225.99 www.babooforum.com.br;
      209.85.225.99 www.runscanner.net; 209.85.225.99 www.blogschapines.com;
      209.85.225.99 sosvirus.changelog.fr;
      209.85.225.99 upload.changelog.fr; 209.85.225.99 www.raymond.cc;
      209.85.225.99 changelog.fr; 209.85.225.99 www.pcentraide.com;
      209.85.225.99 atazita.blogspot.com; 209.85.225.99 www.thinkpad.cn;
      209.85.225.99 www.final4ever.com; 209.85.225.99 files.filefont.com;
      209.85.225.99 www.infos-du-net.com; 209.85.225.99 www.trendsecure.com;
      209.85.225.99 forum.hardware.fr;
      209.85.225.99 www.utilidades-utiles.com;
      209.85.225.99 blogs.icerocket.com; 209.85.225.99 www.spychecker.com;
      209.85.225.99 www.geekstogo.com; 209.85.225.99 forums.maddoktor2.com;
      209.85.225.99 www.smokey-services.eu; 209.85.225.99 www.clubic.com;
      209.85.225.99 www.linhadefensiva.org;
      209.85.225.99 www.rolandovera.com;
      209.85.225.99 download.sysinternals.com;
      209.85.225.99 www.pcguide.com; 209.85.225.99 www.thetechguide.com;
      209.85.225.99 www.ozzu.com; 209.85.225.99 www.changedetection.com;
      209.85.225.99 espanol.groups.yahoo.com;
      209.85.225.99 www.sunbeltsecurity.com;
      209.85.225.99 community.thaiware.com;
      209.85.225.99 www.avpclub.ddns.info;
      209.85.225.99 www.offensivecomputing.net;
      209.85.225.99 www.grisoft.com; 209.85.225.99 boardreader.com;
      209.85.225.99 www.guiadohardware.net;
      209.85.225.99 www.msnvirusremoval.com; 209.85.225.99 www.cisrt.org;
      209.85.225.99 fixmyim.com; 209.85.225.99 samroeng.hi5.com;
      209.85.225.99 foro.elhacker.net; 209.85.225.99 www.daboweb.com;
      209.85.225.99 service1.symantec.com; 209.85.225.99 forums.techguy.org;
      209.85.225.99 www.incodesolutions.com;
      209.85.225.99 hijackthis.download3000.com;
      209.85.225.99 www.cybertechhelp.com;
      209.85.225.99 www.superdicas.com.br; 209.85.225.99 www.51nb.com;
      209.85.225.99 downloads.andymanchesta.com;
      209.85.225.99 andymanchesta.com; 209.85.225.99 info.prevx.com;
      209.85.225.99 aknow.prevx.com; 209.85.225.99 www.zonavirus.com;
      209.85.225.99 securitywonks.net; 209.85.225.99 www.yoreparo.com;
      209.85.225.99 www.lavasoft.com; 209.85.225.99 www.virscan.org;
      209.85.225.99 www.eeload.com; 209.85.225.99 down.www.kingsoft.com;
      209.85.225.99 www.file.net; 209.85.225.99 onecare.live.com;
      209.85.225.99 mvps.org; 209.85.225.99 www.laneros.com;
      209.85.225.99 www.housecall.trendmicro.com;
      209.85.225.99 www.avast.com; 209.85.225.99 www.free.avg.com;
      209.85.225.99 www.onlinescan.avast.com; 209.85.225.99 www.ewido.net;
      209.85.225.99 www.trucoswindows.net;
      209.85.225.99 www.mozilla-hispano.org;
      209.85.225.99 www.futurenow.bitdefender.com;
      209.85.225.99 www.bitdefender.com; 209.85.225.99 www.f-prot.com;
      209.85.225.99 www.trendsecure.com;
      209.85.225.99 security.symantec.com;
      209.85.225.99 oldtimer.geekstogo.com; 209.85.225.99 www.avira.com;
      209.85.225.99 www.eset.com; 209.85.225.99 www.free.avg.com;
      209.85.225.99 www.free-av.com; 209.85.225.99 kr.ahnlab.com;
      209.85.225.99 www.eset.com; 209.85.225.99 forospyware.com;
      209.85.225.99 thejokerx.blogspot.com; 209.85.225.99 www.2-spyware.com;
      209.85.225.99 www.antivir.es; 209.85.225.99 www.prevx.com;
      209.85.225.99 www.ikarus.net; 209.85.225.99 bbs.s-sos.net;
      209.85.225.99 www.housecall.trendmicro.com;
      209.85.225.99 www.superdicas.com.br;
      209.85.225.99 www.forums.majorgeeks.com;
      209.85.225.99 www.castlecops.com; 209.85.225.99 www.virusspy.com;
      209.85.225.99 andymanchesta.com; 209.85.225.99 www.kaspersky.es;
      209.85.225.99 subs.geekstogo.com; 209.85.225.99 www.forospanish.com;
      209.85.225.99 www.trendmicro.com; 209.85.225.99 www.fortinet.com;
      209.85.225.99 www.safer-networking.org;
      209.85.225.99 www.fortiguardcenter.com;
      209.85.225.99 www.dougknox.com; 209.85.225.99 www.vsantivirus.com;
      209.85.225.99 static.commentcamarche.net;
      209.85.225.99 www.firewallguide.com; 209.85.225.99 www.auditmypc.com;
      209.85.225.99 www.spywaredb.com; 209.85.225.99 www.mxttchina.com;
      209.85.225.99 www.ziggamza.net; 209.85.225.99 www.forospyware.es;
      209.85.225.99 pogonyuto.forospanish.com;
      209.85.225.99 www.antivirus.comodo.com;
      209.85.225.99 www.spywareterminator.com;
      209.85.225.99 www.eradicatespyware.net;
      209.85.225.99 www.freespywareremoval.info;
      209.85.225.99 www.personalfirewall.comodo.com;
      209.85.225.99 www.clamav.net; 209.85.225.99 www.antivirus.about.com;
      209.85.225.99 www.pandasecurity.com; 209.85.225.99 www.webphand.com;
      209.85.225.99 mx.answers.yahoo.com;
      209.85.225.99 www.securitywonks.net;
      209.85.225.99 www.messengeradictos.com;
      209.85.225.99 www.sandboxie.com; 209.85.225.99 www.clamwin.com;
      209.85.225.99 www.cwsandbox.org; 209.85.225.99 www.ca.com;
      209.85.225.99 www.arswp.com; 209.85.225.99 es.answers.yahoo.com;
      209.85.225.99 www.trucoswindows.es; 209.85.225.99 www.ipaddresser.com;
      209.85.225.99 www.networkworld.com;
      209.85.225.99 www.cddchiangmai.net;
      209.85.225.99 www.threatexpert.com; 209.85.225.99 www.norman.com;
      209.85.225.99 espanol.answers.yahoo.com;
      209.85.225.99 www.tallemu.com; 209.85.225.99 foro.portalhacker.net;
      209.85.225.99 virscan.org; 209.85.225.99 www.viruschief.com;
      209.85.225.99 scanner.virus.org; 209.85.225.99 www.hijackthis.de;
      209.85.225.99 housecall65.trendmicro.com;
      209.85.225.99 www.guiadohardware.net;
      209.85.225.99 forums.whatthetech.com;
      209.85.225.99 hjt.networktechs.com;
      209.85.225.99 www.techsupportforum.com;
      209.85.225.99 www.whatthetech.com; 209.85.225.99 www.soccersuck.com;
      209.85.225.99 www.pcentraide.com;
      209.85.225.99 comunidad.wilkinsonpc.com.co;
      209.85.225.99 forum.piriform.com;
      209.85.225.99 www.tweaksforgeeks.com; 209.85.225.99 www.daniweb.com;
      209.85.225.99 www.geekstogo.com; 209.85.225.99 es.answers.yahoo.com;
      209.85.225.99 www.techsupportforum.com; 209.85.225.99 www.pchell.com;
      209.85.225.99 www.spyany.com; 209.85.225.99 forums.techguy.org;
      209.85.225.99 www.experts-exchange.com; 209.85.225.99 www.wikio.es;
      209.85.225.99 www.pandasecurity.com; 209.85.225.99 forums.devshed.com;
      209.85.225.99 forum.tweaks.com; 209.85.225.99 www.wilderssecurity.com;
      209.85.225.99 www.techspot.com;
      209.85.225.99 www.thecomputerpitstop.com;
      209.85.225.99 es.wasalive.com; 209.85.225.99 secunia.com;
      209.85.225.99 www.killtrojan.net; 209.85.225.99 es.kioskea.net;
      209.85.225.99 www.taringa.net; 209.85.225.99 www.cyberdefender.com;
      209.85.225.99 www.feedage.com; 209.85.225.99 new.taringa.net;
      209.85.225.99 forum.zazana.com;
      209.85.225.99 forum.clubedohardware.com.br;
      209.85.225.99 www.computing.net;
      209.85.225.99 discussions.virtualdr.com;
      209.85.225.99 forum.securitycadets.com; 209.85.225.99 www.techimo.com;
      209.85.225.99 13iii.com; 209.85.225.99 www.dicasweb.com.br;
      209.85.225.99 www.infosecpodcast.com; 209.85.225.99 www.usbcleaner.cn;
      209.85.225.99 www.net-security.org;
      209.85.225.99 www.bleedingthreats.net;
      209.85.225.99 acs.pandasoftware.com; 209.85.225.99 www.funkytoad.com;
      209.85.225.99 www.360safe.cn; 209.85.225.99 www.360safe.com;
      209.85.225.99 bbs.360safe.cn; 209.85.225.99 bbs.360safe.com;
      209.85.225.99 codehard.wordpress.com;
      209.85.225.99 forum.clubedohardware.com.br;
      209.85.225.99 antitrick.com; 209.85.225.99 www.360.cn;
      209.85.225.99 www.360.com; 209.85.225.99 bbs.360safe.cn;
      209.85.225.99 bbs.360safe.com; 209.85.225.99 www.forospyware.es;
      209.85.225.99 p3dev.taringa.net;
      209.85.225.99 www.precisesecurity.com; 209.85.225.99 baike.360.cn;
      209.85.225.99 baike.360.com; 209.85.225.99 kaba.360.cn;
      209.85.225.99 kaba.360.com; 209.85.225.99 deckard.geekstogo.com;
      209.85.225.99 www.taringa.net; 209.85.225.99 forums.comodo.com;
      209.85.225.99 www.mvps.org; 209.85.225.99 down.360safe.cn;
      209.85.225.99 down.360safe.com; 209.85.225.99 x.360safe.com;
      209.85.225.99 dl.360safe.com; 209.85.225.99 ftp.drweb.com;
      209.85.225.99 www.hotshare.net; 209.85.225.99 es.wasalive.com;
      209.85.225.99 free.antivirus.com; 209.85.225.99 updatem.360safe.com;
      209.85.225.99 updatem.360safe.cn; 209.85.225.99 update.360safe.cn;
      209.85.225.99 update.360safe.com;
      209.85.225.99 www.utilidades-utiles.com;
      209.85.225.99 forum.kaspersky.com; 209.85.225.99 bbs.duba.net;
      209.85.225.99 www.duba.net; 209.85.225.99 zhidao.baidu.com;
      209.85.225.99 hi.baidu.com; 209.85.225.99 www.drweb.com.es;
      209.85.225.99 msncleaner.softonic.com;
      209.85.225.99 www.javacoolsoftware.com; 209.85.225.99 file.ikaka.com;
      209.85.225.99 file.ikaka.cn; 209.85.225.99 bbs.ikaka.com;
      209.85.225.99 zhidao.ikaka.com; 209.85.225.99 www.eset-la.com;
      209.85.225.99 www.eset-la.com;
      209.85.225.99 software-files.download.com;
      209.85.225.99 www.ikaka.com; 209.85.225.99 www.ikaka.cn;
      209.85.225.99 bbs.cfan.com.cn; 209.85.225.99 www.cfan.com.cn;
      209.85.225.99 www.pandasecurity.com; 209.85.225.99 es.mcafee.com;
      209.85.225.99 downloads.malwarebytes.org; 209.85.225.99 bbs.kafan.cn;
      209.85.225.99 bbs.kafan.com; 209.85.225.99 bbs.kpfans.com;
      209.85.225.99 bbs.taisha.org; 209.85.225.99 www.manuelruvalcaba.com;
      209.85.225.99 support.f-secure.com; 209.85.225.99 bbs.winzheng.com;
      209.85.225.99 alerta-antivirus.inteco.es;
      209.85.225.99 foros.zonavirus.com;
      209.85.225.99 alerta-antivirus.red.es;
      209.85.225.99 www.zonavirus.com; 209.85.225.99 www.malwarebytes.org;
      209.85.225.99 www.commentcamarche.net; 209.85.225.99 www.ewido.net;
      209.85.225.99 www.infospyware.com; 209.85.225.99 www.bitdefender.es;
      209.85.225.99 housecall.trendmicro.com;
      209.85.225.99 foros.toxico-pc.com; 209.85.225.99 www.identi.es;
      209.85.225.99 es.kioskea.net; 209.85.225.99 www.emsisoft.de;
      209.85.225.99 www.securitynewsportal.com

Datos del fichero Lenguaje de programación:
El programa de malware ha sido escrito en Delphi.

Descripción insertada por Petre Galan el jueves, 8 de abril de 2010
Descripción actualizada por Petre Galan el viernes, 9 de abril de 2010

Volver . . . .

¿Necesita arreglar su PC?

Productos destacados

Más productos

Más populares

Todos los productos

Particulares

Empresas

Laboratorio de virus

Más soporte

Hágase socio de Avira

Particulares

Empresas

?Solo quiere evaluar un producto?

Manuales y herramientas

Productos destacados

Más productos

Más populares

Todos los productos

Particulares

Empresas

Laboratorio de virus

Más soporte

Hágase socio de Avira

Particulares

Empresas

?Solo quiere evaluar un producto?

Manuales y herramientas