Date discovered: 02/12/2008
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 8.704 Bytes
MD5 checksum: 31ddc2ae38061b3b03571fd7f28ab788
IVDF version: - Tuesday, December 2, 2008

General

Aliases:
   •  Sophos: Troj/Drop-AD
   •  Grisoft: SHeur.CRFI

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Access to floppy disk
   • Drops malicious files
   • Registry modification

Files

It copies itself to the following locations:
   • %SYSDIR%\afido.exe
   • %drive%\afido.exe

It creates the following directory:
   • %TEMPDIR%\%random character string%.tmp

It deletes the following file:
   • %drive%\Autorun.inf

The following files are created:

   • %TEMPDIR%\%random character string%\b2e.exe
     It is executed after it has been fully created. Further investigation showed that this file is malware, too.
   • %TEMPDIR%\%random character string%\batfile.bat

It tries to execute the following files:

   • %TEMPDIR%\%random character string%\b2e.exe
Furthermore it contains malicious code.

   • %TEMPDIR%\%random character string%\batfile.bat

Registry

One of the following values is added in order to run the process after reboot:

   • "opesys"="%SYSDIR%\afido.exe"

The following registry key is added:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\
   • @="@SYS:DoesNotExist"

File details

Programming language:
The malware program was written in Assembler.

Runtime packer:
In order to complicate detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Petre Galan on Tuesday, July 7, 2009
Description updated by Petre Galan on Monday, August 17, 2009
