Virus: TR/Injector.BC
Date discovered: 18/04/2008
Type: Trojan
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Medium
File size: 160256 bytes
MD5 checksum: 7b2dd976849df0d37d1773d201478525
VDF version: 7.00.03.177
IVDF version: 7.00.03.185 - Friday, April 18, 2008

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Sophos: Troj/Mdrop-EZF
   •  Bitdefender: Trojan.GenericKD.933878
   •  Eset: a variant of Win32/Injector.AFAL trojan


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops files
   • Infects files
   • Registry modification

Files
It copies itself to the following locations:
   • %temp%\%10 digit random character string%.pre
   • %appdata%\%random character string%\%nine-digit random character string%.exe
   • C:\run\sample.exe



It deletes the initially executed copy of itself.



It deletes the following files:
   • C:\run\sample.exe
   • %temp%\%10 digit random character string%.pre

Registry
One of the following values is added in order to run the process after reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%appdata%\\%random character string%\\%10 digit random character string%.exe"



The following registry keys are added in order to load the service after reboot:

[HKLM\SYSTEM\ControlSet001\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%temp%\%10 digit random character string%.pre;"

Injection
It injects itself into all of the following processes:
   • %SYSDIR%\ctfmon.exe
   • %SYSDIR%\svchost.exe


Miscellaneous
Internet connection:
In order to check for its internet connection, the following DNS servers are contacted:
   • nvu**********eg.com
   • goga**********jman.ru
   • set1**********.ru


Event handler:
It creates the following Event handlers:
   • ReadProcessMemory
   • WriteProcessMemory
   • SetWindowsHook
   • CreateRemoteThread
   • GetSystemDirectory
   • CreateProcess
   • CreateFile
   • CreateService

Description inserted by Wensin Lee on Thursday, 11 April 2013
Description updated by Wensin Lee on Thursday, 11 April 2013
