Name: TR/VB.QF
Discovered: 08/10/2010
Type: Trojan
In the wild (ITW):
Number of reported infections: Medium-low
Spread potential: Medium-low
Damage potential: Medium-low
Static file:
Size: 53.248 Bytes
MD5 checksum: dd82421a6535722ed7cbf23538c31573
VDF version: 7.10.05.166
IVDF version: 7.10.12.167 - Friday, October 8, 2010

General

Propagation method:
   • Autorun feature


Aliases:
   •  Mcafee: W32/Autorun.worm.g
   •  Kaspersky: Worm.Win32.AutoTsifiri.bs
   •  Sophos: W32/SillyFDC-FA
   •  Bitdefender: Trojan.Winlogonexe.C
   •  GData: Trojan.Winlogonexe.C


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Blocks access to certain websites
   • Drops malicious files
   • Lowers security settings
   • Registry modifications

Files

It copies itself to the following locations:
   • %HOME%\%current user name%1\winlogon.exe
   • %drive%\explorer.exe



It deletes the following file:
   • %SYSDIR%\drivers\etc\hosts



It creates the following files:

%drive%\autorun.inf This is a harmless text file with the following content:
   • %code that runs malware%

%SYSDIR%\drivers\etc\hosts



It tries to execute the following file:

– Executes one of the following files:
   • %HOME%\%current user name%1\winlogon.exe

Registry

It adds the following registry keys to run the processes at system startup:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "NVIDIA Media Center Library "=""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "NVIDIA Media Center Library "=""



It removes the values of the following key from the Windows registry:



It removes the values of the following keys from the Windows registry:

–  [HKLM\SOFTWARE\Classes\lnkfile]
   • IsShortcut



It adds the following keys to the registry:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avnotify.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\_findviru.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zlh.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\apvxdwin.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\amon9x.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ants.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Process.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\defalert.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avkwctl9.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\amon.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zauinst.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cmgrdian.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwsc.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avxquar.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avxw.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Procmon.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avguard.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   • "Default_Page_URL"="http://9-8-3-f-p-m-3-f-9-q**********z-4-a-q-0.info"
   • "Default_Search_URL"="http://f-2-c-7-2-1-p-t-9-v-6-.u-l**********-2-i-7-5-f-l-7-7-l-t-j-h-h-9.info"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cleaner.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\a2servic.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\autotrace.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\defscangui.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgserv.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgnt.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bipcp.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwebloader.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\f-prot95.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccapp.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwin95.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\expert.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avpcc.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bidserver.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avkpop.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bd_professional.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\aplica32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\azonealarm.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cfinet.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UI0Detect.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccsetmgr.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Restart.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zapro.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccevtmgr.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avupgsvc.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cmd.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zatutorzauinst.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwinnt.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\anti-trojan.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\FPAVServer.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\deputy.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avcenter.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avsched32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\connectionmonitor.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cmon016.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avkwcl9.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cpfnt206.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\antivirus.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avxmonitornt.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zapsetup3001.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avpexec.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SmitfraudFix.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ChromeSetup.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avxmonitor9x.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\HJTInstall.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cfiaudit.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cpf.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bidef.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zatutor.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UserAccountControlSettings.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\SrchSTS.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cpf9x206.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cfind.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zonalm2601.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avnt.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\f-agnt95.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Regmon.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cdp.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgw.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zonalarm.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cpd.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cclaw.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Safari.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
   • "NoFolderOptions"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avkserv.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgserv9.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cleanpc.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccshtdwn.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cfgwiz.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
   • "NoFile"=dword:0x00000001
   • "NoFolderOptions"=dword:0x00000001
   • "NoRun"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\zonealarm.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   • "ConsentPromptBehaviorAdmin"=dword:0x00000000
   • "EnableLUA"=dword:0x00000000
   • "PromptOnSecureDesktop"=dword:0x00000001

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bipcpevalsetup.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\UCCLSID.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\apimonitor.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bisp.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\EHttpSrv.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ccpxysvc.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\consent.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avkservice.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cwnb181.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cleaner3.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\antigen.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\f-stopw.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\explored.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\f-prot.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\autoupdate.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\BullGuard.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\defwatch.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwupd32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avscanavshadow.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avpdos32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cwntdwmo.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Filemon.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cfiadmin.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avconfig.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ackwin32.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\Diskmon.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\cpdclnt.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avsynmgr.exe]
   • "Debugger"=""%HOME%\Administrator1\winlogon.exe""



It modifies the following registry keys:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   New value:
   • "DisableSR"=dword:0x00000001

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002
   • "HideFileExt"=dword:0x00000003
   • "ShowSuperHidden"=dword:0x00000000
   • "SuperHidden"=dword:0x00000001

– [HKCU\Control Panel\Sound]
   New value:
   • "Beep"="no"

– [HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN]
   New value:
   • "Default_Page_URL"="http://z-t-0-s-5-t-i-l-l-5-7-4-8-7-c-8-0-1-m-**********t-j-h-h-9.info"
   • "Default_Search_URL"="http://6-g-m-q-z-k-0-**********q-0.info"
   • "Local Page"="http://a-y-z-9-4-m-4-q-i-d-**********u-f-u.info"
   • "Search Page"="http://7-j-4-**********-h-h-9.info"
   • "Start Page"="http://n-x-r-0**********-4-a-q-0.info"

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "Local Page"="http://f-i-k-2-h-8-5-n-l-9-d-.5-b-e-n**********u-f-u.info"
   • "Search Page"="http://5-8-f-8-x-g**********-t-j-h-h-9.info"
   • "Start Page"="http://5-a-v-w-b-s-x-0**********4-a-q-0.info"

– [HKLM\SYSTEM\CurrentControlSet\Services\Sr]
   New value:
   • "Start"=dword:0x00000004

Hosts file

The hosts file is modified as follows:

– In this case, the existing entries are deleted.

– Access to the following domains is redirected to other destinations:
   • 64.117.35.255 www.testmypcsecurity.com
   • 64.117.35.255 www.ccssforum.org
   • 64.117.35.255 i-vault.comodo.com
   • 64.117.35.255 internetsecurity.comodo.com
   • 64.117.35.255 www.comodopartners.com
   • 64.117.35.255 timestamp.comodoca.com
   • 64.117.35.255 secure-email.comodo.com
   • 64.117.35.255 timestamp.wosign.com
   • 64.117.35.255 rover800.gaima.co.uk
   • 64.117.35.255 www.nsclean.com
   • 64.117.35.255 www.contentverification.com
   • 64.117.35.255 new-estore.drweb.com
   • 64.117.35.255 support.drweb.com
   • 64.117.35.255 pda.drweb.com
   • 64.117.35.255 updates.drweb.com
   • 64.117.35.255 drweb.com
   • 64.117.35.255 vms.drweb.com
   • 64.117.35.255 solutions.drweb.com
   • 64.117.35.255 news.drweb.com
   • 64.117.35.255 my.drweb.com
   • 64.117.35.255 buy.drweb.com
   • 64.117.35.255 products.drweb.com
   • 64.117.35.255 new-support.drweb.com
   • 64.117.35.255 promotions.drweb.com
   • 64.117.35.255 network.drweb.com
   • 64.117.35.255 customers.drweb.com
   • 64.117.35.255 store.drweb.com
   • 64.117.35.255 company.drweb.com
   • 64.117.35.255 training.drweb.com
   • 64.117.35.255 license.drweb.com
   • 64.117.35.255 cureit.ru
   • 64.117.35.255 free.drweb.com
   • 64.117.35.255 info.drweb.com
   • 64.117.35.255 new-partners.drweb.com
   • 64.117.35.255 drweb.net
   • 64.117.35.255 new-company.drweb.com
   • 64.117.35.255 new-beta.drweb.com
   • 64.117.35.255 new-forum.drweb.com
   • 64.117.35.255 secure.av-desk.com
   • 64.117.35.255 www.av-desk.com
   • 64.117.35.255 new-solutions.drweb.com
   • 64.117.35.255 new-www.drweb.com
   • 64.117.35.255 www.freedrweb.ru
   • 64.117.35.255 daniloff.net
   • 64.117.35.255 drweb-inside.com
   • 64.117.35.255 drwebinside.com
   • 64.117.35.255 aladdin.com
   • 64.117.35.255 alladdin.ru
   • 64.117.35.255 chickensroamfree.com
   • 64.117.35.255 ealaddin.net
   • 64.117.35.255 ealaddin.orgeshop.aladdin.com
   • 64.117.35.255 secureme.com
   • 64.117.35.255 www.aks.com
   • 64.117.35.255 www.aladdin.com
   • 64.117.35.255 www.ealaddin.com
   • 64.117.35.255 www.ealaddin.com
   • 64.117.35.255 auwww.ealaddin.nl
   • 64.117.35.255 www.esafe.com
   • 64.117.35.255 www.hasp.se
   • 64.117.35.255 www.safenet-inc.com
   • 64.117.35.255 www3.safenet-inc.com
   • 64.117.35.255 www.ca.com
   • 64.117.35.255 cacomvip.ca.com
   • 64.117.35.255 www.netegrity.com
   • 64.117.35.255 search.ca.com
   • 64.117.35.255 cai.com
   • 64.117.35.255 www.f-prot.com
   • 64.117.35.255 frisk-software.com
   • 64.117.35.255 www.frisk.is
   • 64.117.35.255 www.frisk-software.com
   • 64.117.35.255 f-secure.com
   • 64.117.35.255 f-secure.frf-secure.hk
   • 64.117.35.255 f-secure.nlfsecure.com
   • 64.117.35.255 fsecure.nlwebyard.com
   • 64.117.35.255 www.f-secure.com
   • 64.117.35.255 www.fsecure.com
   • 64.117.35.255 www.virus.fi
   • 64.117.35.255 fortihero.com
   • 64.117.35.255 fortilog.com
   • 64.117.35.255 fortinet.co.at
   • 64.117.35.255 fortinet.com
   • 64.117.35.255 fortiprotect.com
   • 64.117.35.255 fortiwifi.com
   • 64.117.35.255 www.apsecure.com
   • 64.117.35.255 www.fortifed.com
   • 64.117.35.255 www.fortiid.com
   • 64.117.35.255 www.fortimail.com
   • 64.117.35.255 www.fortinet-apac.com
   • 64.117.35.255 www.fortinet.ch
   • 64.117.35.255 www.fortinet.co.il
   • 64.117.35.255 www.fortinet.com
   • 64.117.35.255 www.fortinet.com
   • 64.117.35.255 arwww.fortinet.cz
   • 64.117.35.255 www.fortinet.net
   • 64.117.35.255 www.fortinet.nl
   • 64.117.35.255 www.fortinet.sg
   • 64.117.35.255 www.fortinetuk.com
   • 64.117.35.255 www.secure-elements.com
   • 64.117.35.255 gdata.es
   • 64.117.35.255 www.gdata.es
   • 64.117.35.255 ikarus.at
   • 64.117.35.255 www.ikarus.at
   • 64.117.35.255 global.jiangmin.com
   • 64.117.35.255 jiangmin.com.cn
   • 64.117.35.255 jiangmin.com
   • 64.117.35.255 www.jiangmin.com.cn
   • 64.117.35.255 www.kaspersky.com
   • 64.117.35.255 forum.kaspersky.com
   • 64.117.35.255 support.kaspersky.co
   • 64.117.35.255 usa.kaspersky.com
   • 64.117.35.255 brazil.kaspersky.com
   • 64.117.35.255 latam.kaspersky.com
   • 64.117.35.255 kaspersky.com
   • 64.117.35.255 me.kaspersky.com
   • 64.117.35.255 images.kaspersky.com
   • 64.117.35.255 www.mcafee.com
   • 64.117.35.255 support.mcafee.com
   • 64.117.35.255 msr.mcafee.com
   • 64.117.35.255 home.mcafee.com
   • 64.117.35.255 networkassociates.com
   • 64.117.35.255 us.mcafee.com
   • 64.117.35.255 tr.mcafee.com
   • 64.117.35.255 au.mcafee.com
   • 64.117.35.255 mx.mcafee.com
   • 64.117.35.255 networkassociates.nai.com
   • 64.117.35.255 go.mcafee.com
   • 64.117.35.255 fr.mcafee.com
   • 64.117.35.255 uk.mcafee.com
   • 64.117.35.255 de.mcafee.com
   • 64.117.35.255 obscgi.mcafee.com
   • 64.117.35.255 nai.com
   • 64.117.35.255 www.entercept.com
   • 64.117.35.255 jp.mcafee.com
   • 64.117.35.255 mcafeeb2b.com
   • 64.117.35.255 cn.mcafee.com
   • 64.117.35.255 service.mcafee.com
   • 64.117.35.255 br.mcafee.com
   • 64.117.35.255 www.mcafee.at
   • 64.117.35.255 mcafeeretail.com
   • 64.117.35.255 it.mcafee.com
   • 64.117.35.255 tw.mcafee.com
   • 64.117.35.255 privacy.microsoft.com
   • 64.117.35.255 tempuri.org
   • 64.117.35.255 schemas.xmlsoap.org
   • 64.117.35.255 www.microsoft.com
   • 64.117.35.255 specs.xmlsoap.org
   • 64.117.35.255 www.eugrantsadvisor.ie
   • 64.117.35.255 schemas.microsoft.com
   • 64.117.35.255 encarta.msn.com
   • 64.117.35.255 www.sysinternals.com
   • 64.117.35.255 grv.microsoft.com
   • 64.117.35.255 www.xmlsoap.org
   • 64.117.35.255 www.eugrantsadvisor.se
   • 64.117.35.255 www.eugrantsadvisor.com
   • 64.117.35.255 research.microsoft.com
   • 64.117.35.255 www.engyro.com
   • 64.117.35.255 www.exchangeyourcareer.com
   • 64.117.35.255 www.eugrantsadvisor.de
   • 64.117.35.255 exchangeyourcareer.net
   • 64.117.35.255 eugrantsadvisor.de
   • 64.117.35.255 eugrantsadvisor.cz
   • 64.117.35.255 www.eset.es
   • 64.117.35.255 demos.eset.es
   • 64.117.35.255 descargas.eset.es
   • 64.117.35.255 blogs.protegerse.com
   • 64.117.35.255 eos.eset.es
   • 64.117.35.255 pedidos.protegerse.com
   • 64.117.35.255 reg-int.nod32-es.com
   • 64.117.35.255 reg.eset.es
   • 64.117.35.255 vicentevirtual.com
   • 64.117.35.255 cou85.com
   • 64.117.35.255 www.norman.com
   • 64.117.35.255 fsc.norman.com
   • 64.117.35.255 nprobeta.norman.com
   • 64.117.35.255 register.norman.com
   • 64.117.35.255 webadmin.norman.no
   • 64.117.35.255 sandbox.norman.com
   • 64.117.35.255 www.nprotect.com
   • 64.117.35.255 global.nprotect.com
   • 64.117.35.255 www.nprotect.co.kr
   • 64.117.35.255 www.npin.co.kr
   • 64.117.35.255 siren24.nprotect.com
   • 64.117.35.255 15660808.co.kr
   • 64.117.35.255 biz.nprotect.com
   • 64.117.35.255 nprotect.net
   • 64.117.35.255 www.nprotect.com.br
   • 64.117.35.255 liveprotect.net
   • 64.117.35.255 nprotect.seoul.go.kr
   • 64.117.35.255 chollian.nprotect.co.kr
   • 64.117.35.255 www.pandasecurity.com
   • 64.117.35.255 research.pandasecurity.com
   • 64.117.35.255 support.pandasecurity.com
   • 64.117.35.255 pandalabs.pandasecurity.com
   • 64.117.35.255 pandasecurity.com
   • 64.117.35.255 mop.pandasecurity.com
   • 64.117.35.255 timeforyourbusi.pandasecurity.com
   • 64.117.35.255 cybercrime.pandasecurity.com
   • 64.117.35.255 free.pandasecurity.com
   • 64.117.35.255 cloudprotection.pandasecurity.com
   • 64.117.35.255 shop.pandasecurity.com
   • 64.117.35.255 soporte.pandasecurity.com
   • 64.117.35.255 together.pctools.com
   • 64.117.35.255 www.prevx.com
   • 64.117.35.255 info.prevx.com
   • 64.117.35.255 free.prevx.com
   • 64.117.35.255 spywarefiles.prevx.com
   • 64.117.35.255 spywaredlls.prevx.com
   • 64.117.35.255 shield.prevx.com
   • 64.117.35.255 www.prevx1.com
   • 64.117.35.255 howsafeismypc.com
   • 64.117.35.255 www.retento.com
   • 64.117.35.255 www.freerav.com
   • 64.117.35.255 www.rising-global.com
   • 64.117.35.255 www.risingav.com.au
   • 64.117.35.255 support.rising-global.com
   • 64.117.35.255 superboy2010.com.au
   • 64.117.35.255 www.sophos.com
   • 64.117.35.255 feeds.sophos.com
   • 64.117.35.255 esp.sophos.com
   • 64.117.35.255 cn.sophos.com
   • 64.117.35.255 tw.sophos.com
   • 64.117.35.255 kr.sophos.com
   • 64.117.35.255 sophos.com
   • 64.117.35.255 podcasts.sophos.com
   • 64.117.35.255 www.sunbeltsoftware.com
   • 64.117.35.255 go.sunbeltsoftware.com
   • 64.117.35.255 oem.sunbeltsoftware.com
   • 64.117.35.255 antispam.sunbeltsoftware.com
   • 64.117.35.255 antispyware.sunbeltsoftware.com
   • 64.117.35.255 antivirus.sunbeltsoftware.com
   • 64.117.35.255 sunbeltsoftware.com
   • 64.117.35.255 shop.sunbeltsoftware.com
   • 64.117.35.255 live.sunbeltsoftware.com
   • 64.117.35.255 firewall.sunbeltsoftware.com
   • 64.117.35.255 www.symantec.com
   • 64.117.35.255 security.symantec.com
   • 64.117.35.255 securityrespons.symantec.com
   • 64.117.35.255 service1.symantec.com
   • 64.117.35.255 enterprisesecur.symantec.com
   • 64.117.35.255 eval.symantec.com
   • 64.117.35.255 symantec.com
   • 64.117.35.255 definitions.symantec.com
   • 64.117.35.255 investor.symantec.com
   • 64.117.35.255 et.symantec.com
   • 64.117.35.255 sfdoccentral.symantec.com
   • 64.117.35.255 servicenews.symantec.com
   • 64.117.35.255 securityrespons.symantec.com
   • 64.117.35.255 sea.symantec.com
   • 64.117.35.255 go.symantec.com
   • 64.117.35.255 dell.symantec.com
   • 64.117.35.255 sun.symantec.com
   • 64.117.35.255 marian.symantec.com
   • 64.117.35.255 tms.symantec.com
   • 64.117.35.255 securitycheck.symantec.com
   • 64.117.35.255 smallbiz.symantec.com
   • 64.117.35.255 www.symantec.com
   • 64.117.35.255 visualtracking.symantec.com
   • 64.117.35.255 search.symantec.com
   • 64.117.35.255 liveupdate.symantec.com
   • 64.117.35.255 sitedirector.symantec.com
   • 64.117.35.255 edm.symantec.com
   • 64.117.35.255 hostedmailsecur.symantec.com
   • 64.117.35.255 www4.symantec.com
   • 64.117.35.255 education.symantec.com
   • 64.117.35.255 vos.symantec.com
   • 64.117.35.255 www.hacksoft.com.pe
   • 64.117.35.255 hacksoft.pe
   • 64.117.35.255 www.hacksoft.pe
   • 64.117.35.255 housecall.trendmicro.com
   • 64.117.35.255 www.trendmicro.com
   • 64.117.35.255 housecall65.trendmicro.com
   • 64.117.35.255 us.trendmicro.com
   • 64.117.35.255 blog.trendmicro.com
   • 64.117.35.255 emea.trendmicro.com
   • 64.117.35.255 housecall60.trendmicro.com
   • 64.117.35.255 jp.trendmicro.com
   • 64.117.35.255 de.trendmicro.com
   • 64.117.35.255 it.trendmicro.com
   • 64.117.35.255 itw.trendmicro.com
   • 64.117.35.255 esupport.trendmicro.com
   • 64.117.35.255 es.trendmicro.com
   • 64.117.35.255 br.trendmicro.com
   • 64.117.35.255 tw.trendmicro.com
   • 64.117.35.255 la.trendmicro.com
   • 64.117.35.255 uk.trendmicro.com
   • 64.117.35.255 ru.trendmicro.com
   • 64.117.35.255 smbstore.trendmicro.com
   • 64.117.35.255 apac.trendmicro.com
   • 64.117.35.255 store.trendmicro.com
   • 64.117.35.255 training.trendmicro.com
   • 64.117.35.255 trial.trendmicro.com
   • 64.117.35.255 ushousecall02.trendmicro.com
   • 64.117.35.255 subwiz.trendmicro.com
   • 64.117.35.255 go.trendmicro.com
   • 64.117.35.255 feeds.trendmicro.com
   • 64.117.35.255 channelpartner.trendmicro.com
   • 64.117.35.255 wtc.trendmicro.com
   • 64.117.35.255 shop.trendmicro.com
   • 64.117.35.255 fr.trendmicro.com
   • 64.117.35.255 threatinfo.trendmicro.com
   • 64.117.35.255 newsletters.trendmicro.com
   • 64.117.35.255 www.anti-virus.by
   • 64.117.35.255 bg.virusblokada.com
   • 64.117.35.255 www.vba.com.by
   • 64.117.35.255 beta.anti-virus.by
   • 64.117.35.255 www.bg.virusblokada.com
   • 64.117.35.255 www.hauri.net
   • 64.117.35.255 www.hauri.co.kr
   • 64.117.35.255 company.hauri.net
   • 64.117.35.255 www.globalhauri.com
   • 64.117.35.255 shop.hauri.co.kr
   • 64.117.35.255 hauri.co.kr
   • 64.117.35.255 pg.hauri.net
   • 64.117.35.255 esecurity.livecall.co.kr
   • 64.117.35.255 mall.hauri.co.kr
   • 64.117.35.255 company.hauri.co.kr
   • 64.117.35.255 haurijapan.com
   • 64.117.35.255 virobot.co.kr
   • 64.117.35.255 www.virusbuster.hu
   • 64.117.35.255 virusbuster.hu
   • 64.117.35.255 scanner.novirusthanks.org
   • 64.117.35.255 scanner2.novirusthanks.or
   • 64.117.35.255 novirusthanks.org
   • 64.117.35.255 www.novirusthanks.org
   • 64.117.35.255 virustotal.com
   • 64.117.35.255 www.virustotal.com
   • 64.117.35.255 virscan.org
   • 64.117.35.255 www.virscan.org
   • 64.117.35.255 virusscan.jotti.org
   • 64.117.35.255 jotti.org
   • 64.117.35.255 www.jotti.org
   • 64.117.35.255 viruschief.com
   • 64.117.35.255 www.viruschief.com
   • 64.117.35.255 scanner.virus.org
   • 64.117.35.255 virus.org
   • 64.117.35.255 www.virus.org
   • 64.117.35.255 scan4you.net
   • 64.117.35.255 www.scan4you.net
   • 64.117.35.255 avhide.com
   • 64.117.35.255 www.avhide.com
   • 64.117.35.255 anubis.iseclab.org
   • 64.117.35.255 iseclab.org
   • 64.117.35.255 www.iseclab.org
   • 64.117.35.255 threatexpert.com
   • 64.117.35.255 www.threatexpert.com


 Injection of viral code into other processes – It injects itself as a remote thread into a process.

    Process name:
   • svchost.exe


 Miscellaneous  To check for an Internet connection, it contacts the following website:
   • http://www.whatismyip.org
It accesses the following Internet resources:
   • http://whos.amung.us/swidget/**********
   • http://widgets.amung.us/small/01/**********


Mutex:
It creates the following mutex:
   • @0MPfV5@mqt«sL+EVQ@XPbGP9@

 File details  Programming language:
The malware program was written in Visual Basic.


Runtime packer:
To hinder detection and reduce the file size, it is packed with a runtime packer.

Description inserted by Petre Galan on Tuesday, April 5, 2011
Description updated by Andrei Ivanes on Friday, April 8, 2011
