Name: TR/Dldr.Bagle.bbn
Discovered: 18/01/2010
Type: Trojan
Subtype: Downloader
In the wild (ITW): Yes
Number of reported infections: Low-medium
Spread potential: Low-medium
Damage potential: Medium
Static file: Yes
Size: 868,352 bytes
MD5 checksum: be43cd45ea5cd2a7dad3b98caa070f2a
IVDF version: 7.10.02.217 - Monday, 18 January 2010
General
Propagation method:
• Local network
Aliases:
• Bitdefender: Trojan.Generic.IS.514950
• Panda: Trj/Thed.A
• Eset: Win32/Bagle.RB
Platforms / operating systems:
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads a malicious file
• Drops malicious files
• Registry modifications

Files
Copies itself to the following location:
• %HOME%\Application Data\drivers\winupgro.exe
Creates the following files:
– %HOME%\Application Data\drivers\11s11ro1s1a2.sys
– %HOME%\Application Data\drivers\111wfs1intwq.sys
Further analysis showed that this file is also malicious. Detected as: TR/Rootkit.Gen
Attempts to download a file from one of a set of web addresses (the URL paths are masked in the original description).
Attempts to execute the following file:
– Runs one of the following files:
• "%HOME%\Application Data\drivers\winupgro.exe"

Registry
Adds the following registry key in order to run the process at system start-up:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• "drvsyskit"="%HOME%\Application Data\drivers\winupgro.exe"
Adds the following registry key:
– [HKLM\SYSTEM\CurrentControlSet\Control\Network\NetCfgLockHolder]
• "@"="%hex values%"
Modifies the following registry keys:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
New value:
• "EnableLUA"=dword:0x00000000
– [HKLM\SOFTWARE\Microsoft\Windows\Security Center\Svc]
New value:
• "EnableLUA"=dword:0x00000016

Network infection
To ensure its propagation, the malware attempts to connect to other systems, as described below.
Exploit:
Uses the following security vulnerability:
– MS05-039 (Vulnerability in Plug and Play)

Process termination
Terminates the processes of a long list of security products (anti-virus scanners, personal firewalls, anti-spyware and anti-rootkit tools).
Disables a long list of security-product and Windows services.

Rootkit technology
This is a technology specific to malware. The malicious program hides its presence from system tools, from security applications and, ultimately, from the user.
It hides the following:
– Its own file
– Its own process

File details
Executable packer:
To hinder detection and reduce the file size, it uses the following executable packer:
• Themida
Description inserted by Petre Galan on Thursday, 22 July 2010
Description updated by Andrei Ivanes on Thursday, 29 July 2010