¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Virus:TR/Matsnu.EB.133
Date discovered:04/04/2013
Type:Trojan
In the wild:Yes
Reported Infections:Medium to high
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:No
VDF version:7.11.70.80 - Thursday, April 4, 2013
IVDF version:7.11.70.80 - Thursday, April 4, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Yakes.coqu
   •  TrendMicro: TROJ_INJECTO.BEE
   •  Sophos: Troj/Agent-ABBT
   •  Avast: Win32:Downloader-SWW
   •  Microsoft: Trojan:Win32/Matsnu
   •  VirusBuster: Trojan.Yakes!LBH4qWuGJBE
   •  Eset: Win32/Trustezeb.C
   •  DrWeb: Trojan.PWS.Panda.3978
   •  Fortinet: W32/Injector.ZVR!tr


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads a malicious file
   • Lowers security settings
   • Registry modification

 Files It copies itself to the following location:
   • %HOME%\%random character string%\%random character string%.exe




It tries to download a file: It is saved on the local hard drive under: %TEMP%\%CLSID% Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%HOME%\%random character string%\%random character string%.exe"
   •

 Miscellaneous Accesses internet resources:
   • http://nvufvw**********.com/forums.php?ltype=ld&ccr=1&id=**********

 File details Programming language:
The malware program was written in MS Visual C++.

Descripción insertada por Alexander Bauer el sábado, 6 de abril de 2013
Descripción actualizada por Alexander Bauer el sábado, 6 de abril de 2013

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.