¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Virus:TR/Dldr.Bagle.bgn
Type:Trojan
Subtype:Downloader
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:Yes
File size:901.120 Bytes
MD5 checksum:22908dc21373acf1bda2488013906c24

 General Aliases:
   •  Mcafee: W32/Bagle.dldr
   •  Sophos: Mal/Generic-A
   •  Panda: W32/Bagle.VM.worm
   •  Eset: Win32/Bagle.TC
   •  Bitdefender: Trojan.Generic.2539197


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads malicious files
   • Drops malicious files
   • Registry modification

 Files  C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe
C:\Documents and Settings\Administrator\Application Data\drivers\flec005.exe
C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys
C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys



It tries to download some files:

The locations are the following:
   • http://netinzone.com/images/**********?crc=%number%
   • http://www.gethelp.gr/images/**********?crc=%number%
   • http://www.sittichland.net/images/**********?crc=%number%
   • http://transcardan.com.ar/images/**********?crc=%number%
   • http://escrevemos.com.br/images/**********?crc=%number%
   • http://bigape.dk/images/**********?crc=%number%
   • http://www.virtuaweb.ch/images/**********?crc=%number%
   • http://sagaseguros.com.br/images/**********?crc=%number%
   • http://gespat.com.br/images/**********?crc=%number%
   • http://industriastodoflex.com.ar/images/**********?crc=%number%
   • http://ellevang.aab-net.dk/images/**********?crc=%number%
   • http://htcom.com.br/images/**********?crc=%number%
   • http://caiunaredeibcn.com.br/images/**********?crc=%number%
   • http://www.dinos-online-world.com/images/**********?crc=%number%
   • http://www.revistaoyc.com.ar/images/**********?crc=%number%
   • http://www.villaggioilgabbiano.com/images/**********?crc=%number%
   • http://sotiere.fr/images/**********?crc=%number%
   • http://apcsoftware.com.br/images/**********?crc=%number%
   • http://s279848872.onlinehome.fr/images/**********?crc=%number%
   • http://vdbquad.be/images/**********?crc=%number%
   • http://www.pintatuvida.com/images/**********?crc=%number%
   • http://www.grupomercadao.com.br/images/**********?crc=%number%
   • http://fantastictimemachine.dk/images/**********?crc=%number%
   • http://andalusiers.info/images/**********?crc=%number%
   • http://fat-burner.org/images/**********?crc=%number%
   • http://blackmagicsoft.com/images/**********?crc=%number%
   • http://inmogestiongarraf.com/images/**********?crc=%number%
   • http://2plus1.1h.pl/images/**********?crc=%number%
   • http://tememe.org/images/**********?crc=%number%
   • http://doctornelsonjaque.cl/images/**********?crc=%number%
   • http://atelierdupetitprince.com/images/**********?crc=%number%
   • http://aircomms.com/images/**********?crc=%number%
   • http://vicentepastor.com/images/**********?crc=%number%
   • http://troop147.com/images/**********?crc=%number%
   • http://davincistudio.ncse.pl/images/**********?crc=%number%
   • http://christinesalib.com/images/**********?crc=%number%
   • http://www.oficinadapesca.com.br/images/**********?crc=%number%
   • http://diariosalto.com/images/**********?crc=%number%
   • http://amrc.no/images/**********?crc=%number%
   • http://cerbeer.com.br/images/**********?crc=%number%
   • http://www2.djleo.fr/images/**********?crc=%number%
   • http://icastro.net/images/**********?crc=%number%
   • http://kerrenneur.com/images/**********?crc=%number%
   • http://olympiostudio.com.br/images/**********?crc=%number%
   • http://inversionesabreu.com/images/**********?crc=%number%
   • http://autismoburgos.org/images/**********?crc=%number%
   • http://www.bbtinez.com/images/**********?crc=%number%
   • http://2shoppers.net/images/**********?crc=%number%
   • http://mobico.home.pl/images/**********?crc=%number%
   • http://borgobrunelleschi.it/images/**********?crc=%number%
   • http://www.elcompcomponentes.com.br/images/**********?crc=%number%
   • http://joowiki.com/images/**********?crc=%number%
   • http://idealuminosa.it/images/**********?crc=%number%
   • http://eisnt.com/images/**********?crc=%number%
   • http://bikerguide24.com/images/**********?crc=%number%
   • http://ahavat-rahamim.org/images/**********?crc=%number%
   • http://www.23-50.info/images/**********?crc=%number%
   • http://safarispasodelindio.com.ar/images/**********?crc=%number%
   • http://www.camperworkshop.com/images/**********?crc=%number%
   • http://vgormaz.cl/images/**********?crc=%number%
   • http://elecinfo.gr/images/**********?crc=%number%
   • http://livinautic.com/images/**********?crc=%number%
   • http://retroradar.com/images/**********?crc=%number%
   • http://tagdemexico.com/images/**********?crc=%number%
   • http://sikaniaservice.it/images/**********?crc=%number%
   • http://tribuandco.fr/images/**********?crc=%number%
   • http://www.roma136.org/images/**********?crc=%number%
   • http://myprosoft.net/images/**********?crc=%number%
   • http://sgktechnology.com/images/**********?crc=%number%
   • http://jesusgarciaartglass.com/images/**********?crc=%number%
   • http://lmiauto.webtolive.net/images/**********?crc=%number%
   • http://cita-ambulatoria.com/images/**********?crc=%number%
   • http://4technique.it/images/**********?crc=%number%
   • http://rating-basilea2.it/images/**********?crc=%number%
   • http://juegoalprode.com.ar/images/**********?crc=%number%
   • http://canalcars.es/images/**********?crc=%number%
   • http://www.lopeztenorio.com/images/**********?crc=%number%
   • http://hotel-santamonica.com/images/**********?crc=%number%
   • http://fantafoggia.netsons.org/images/**********?crc=%number%
   • http://royal3d.com.br/images/**********?crc=%number%
   • http://monpetitatelier.com/images/**********?crc=%number%
   • http://da-ma.it/images/**********?crc=%number%
   • http://greatvaluecarhire.com/images/**********?crc=%number%
   • http://geoveneto.com.ar/images/**********?crc=%number%
   • http://samueleiezzoni.com/images/**********?crc=%number%
   • http://saltek.com.pl/images/**********?crc=%number%
   • http://jubla-wuefla.ch/images/**********?crc=%number%
   • http://automalatina.com.ar/images/**********?crc=%number%
   • http://www.zonnedauwtje.nl/images/**********?crc=%number%
   • http://webesencias.com/images/**********?crc=%number%
   • http://www.chennaimallikaaresidency.com/images/**********?crc=%number%
   • http://www.homejn.com/images/**********?crc=%number%
   • http://www.marrakechgarden.com/images/**********?crc=%number%
   • http://pierdek.ramtel.net.pl/images/**********?crc=%number%
   • http://bandidos-cottbus.com/images/**********?crc=%number%
   • http://www.wha.it/images/**********?crc=%number%
   • http://margaritavenezuela.net/images/**********?crc=%number%
   • http://www.madmusic.ch/images/**********?crc=%number%
   • http://tresdefebreroinmuebles.com/images/**********?crc=%number%
   • http://wilsonsavegnago.com.br/images/**********?crc=%number%
   • http://nelium.be/images/**********?crc=%number%
   • http://biolog.com.br/images/**********?crc=%number%
   • http://avilasbravati.com.br/images/**********?crc=%number%
   • http://iridyum.net/images/**********?crc=%number%
   • http://reiniciapc.com/images/**********?crc=%number%
   • http://sushitesters.com/images/**********?crc=%number%
   • http://209.227.255.242/images/**********?crc=%number%
   • http://cyrilcast.com/images/**********?crc=%number%
   • http://reviveprojects.com.au/images/**********?crc=%number%
   • http://aiag.com.ve/images/**********?crc=%number%
   • http://jindexe.com/images/**********?crc=%number%
   • http://garpez.com.ve/images/**********?crc=%number%
   • http://stebot.net/images/**********?crc=%number%
   • http://grasshopers.net/images/**********?crc=%number%
   • http://robinudarchery.com/images/**********?crc=%number%
   • http://grupamc.com/images/**********?crc=%number%
   • http://crewdiscountcard.com/images/**********?crc=%number%
   • http://www.pixelhotel.eu/images/**********?crc=%number%
   • http://stylesnatch.com/images/**********?crc=%number%
   • http://karlemans.com/images/**********?crc=%number%
   • http://blackdino.bplaced.net/images/**********?crc=%number%
   • http://habitatnet.it/images/**********?crc=%number%
   • http://fernseh.com.ar/images/**********?crc=%number%
   • http://rtoday.co.kr/images/**********?crc=%number%
   • http://erolook.nl/images/**********?crc=%number%
   • http://www.orangeinformatica.it/images/**********?crc=%number%
   • http://gajaga.com/images/**********?crc=%number%
   • http://claudiatarazona.com.ar/images/**********?crc=%number%
   • http://synerweb.net/images/**********?crc=%number%
   • http://baysu.net/images/**********?crc=%number%
   • http://202.78.195.166/images/**********?crc=%number%
   • http://snowdrop-cleaners.com/images/**********?crc=%number%
   • http://escolinha.vndv.com/images/**********?crc=%number%
   • http://blissalapitvany.hu/images/**********?crc=%number%
   • http://80.93.94.8/images/**********?crc=%number%
   • http://salonesalicante.com/images/**********?crc=%number%
   • http://adultcam24.com/images/**********?crc=%number%
   • http://www.canoniero.com/images/**********?crc=%number%
   • http://vesomin.com/images/**********?crc=%number%
   • http://recordgazette.com/images/**********?crc=%number%
   • http://grupocontinental.es/images/**********?crc=%number%
   • http://cie-tapisvolant.com/images/**********?crc=%number%
   • http://giulianopizza.com.ar/images/**********?crc=%number%
   • http://grada.es/images/**********?crc=%number%
   • http://www.latinbodysauna.com.pe/images/**********?crc=%number%
   • http://ore-photo.com/images/**********?crc=%number%
   • http://immo-eden.com/images/**********?crc=%number%
   • http://portal.silksoftsolutions.com/images/**********?crc=%number%
   • http://Coldassaultteam.clanfree.net/images/**********?crc=%number%
   • http://www.ave.airproduction.pl/images/**********?crc=%number%
   • http://centrobrother.com/images/**********?crc=%number%
   • http://lolacaprichos.com/images/**********?crc=%number%
   • http://laurasusedpanties.com/images/**********?crc=%number%
   • http://civetta.org/images/**********?crc=%number%
   • http://actrevol.fr/images/**********?crc=%number%
   • http://assurvieconseil.com/images/**********?crc=%number%
   • http://sair.hosting.paran.com/images/**********?crc=%number%
   • http://rockza-macau.com/images/**********?crc=%number%
   • http://alagozluler.com/images/**********?crc=%number%
   • http://moltosesso.info/images/**********?crc=%number%
   • http://aluminis-teima.com/images/**********?crc=%number%
   • http://vilaltaguitart.com/images/**********?crc=%number%
   • http://s223425274.onlinehome.us/images/**********?crc=%number%
   • http://nebulix.com/images/**********?crc=%number%
   • http://gampi.com.br/images/**********?crc=%number%
   • http://palermomix.uuuq.com/images/**********?crc=%number%
   • http://mycheapauto.com/images/**********?crc=%number%
   • http://kipc-me.com/images/**********?crc=%number%
   • http://celuquimia.com/images/**********?crc=%number%
   • http://loneranorte.com.ar/images/**********?crc=%number%
   • http://communiquer.com.br/images/**********?crc=%number%
   • http://aviva.ma/images/**********?crc=%number%
   • http://proprietedeprestige.fr/images/**********?crc=%number%
   • http://form-plast.com/images/**********?crc=%number%
   • http://sherrylai.netfirms.com/images/**********?crc=%number%
   • http://italiacampersud.it/images/**********?crc=%number%
   • http://anima64.soge.net/images/**********?crc=%number%
   • http://www.cestdubo.nl/images/**********?crc=%number%
   • http://pictoryart.com/images/**********?crc=%number%
   • http://circolopd.lu/images/**********?crc=%number%
   • http://cepatel.it/images/**********?crc=%number%
   • http://cafebali.cz/images/**********?crc=%number%
   • http://www.switch.com.mt/images/**********?crc=%number%
   • http://meafinance.com/images/**********?crc=%number%
At the time of writing this file was not online for further investigation.

 Registry The following registry keys are added:

[HKCU\Software\bisoft]
   • "frstrunn"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows\Security Center\Svc]
   • "EnableLUA"=dword:0x00000016



The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
   New value:
   • "EnableLUA"=dword:0x00000000

 Process termination List of processes that are terminated:
   • cfp.exe; 0fcd0g.exe; a2cmd.exe; a2guard.exe; a2HiJackFree.exe;
      a2scan.exe; a2service.exe; a2start.exe; a2upd.exe; a2wizard.exe;
      aavshield.exe; aawservice.exe; About.exe; ABregmon.exe; ACAAS.exe;
      ACAEGMgr.exe; ACAIS.exe; ACALS.exe; ACASP.exe; AckWin32.exe; acs.exe;
      ADVCHK.EXE; Agb5.exe; Agb5_.exe; AhnSD.exe; airdefense.exe; alarm.exe;
      ALERTSVC.EXE; ALMon.exe; ALOGSERV.EXE; ALsvc.exe; ALUNOTIFY.EXE;
      ALUSchedulerSvc.exe; amon.exe; Anti-Trojan.exe; AntiVirus.exe;
      ANTS.EXE; antvrs.exe; appsvc32.exe; APVXDWIN.EXE;
      arcabit.core.configurator2.exe; arcabit.core.loggingservice.exe;
      ArcaCheck.exe; Armor2net.exe; ash.exe; ashAvast.exe; ashAvSrv.exe;
      ashchest.exe; ashDisp.exe; ashDug.exe; ashEnhcd.exe; ashLogV.exe;
      ashMaiSv.exe; ashPopWz.exe; ashQuick.exe; ashServ.exe; ashsimp2.exe;
      ashSimpl.exe; ashSkPcc.exe; ashSkPck.exe; ashUpd.exe; aswupdsv.exe;
      ashWebSv.exe; ash_UpdateMediator.exe; aswDisp.exe; aswRegSvr.exe;
      aswUpdSv.exe; AszMon.exe; ATCON.EXE; ATUPDATER.EXE; ATWATCH.EXE;
      AUPDATE.EXE; AUTODOWN.EXE; AutostartExplorer.exe; AUTOTRACE.EXE;
      AUTOUPDATE.EXE; av2009.exe; avadmin.exe; avcenter.exe; avciman.exe;
      avcmd.exe; avconfig.exe; Avconsol.exe; avenger.exe; AVENGINE.EXE;
      avesvc.exe; avfwsvc.exe; avgam.exe; avgamsvr.exe; avgarkt.exe;
      avgcc.exe; AVGCC32.EXE; AVGCTRL.EXE; avgdiag.exe; avgemc.exe;
      avgfws8.exe; avgfwsrv.exe; avginet.exe; avgnpdln.exe; avgnpsvc.exe;
      avgnsx.exe; avgnt.exe; avgrssvc.exe; avgrsx.exe; avgscan.exe;
      AVGSERV.EXE; avgtray.exe; AVGUARD.EXE; avgupden.exe; avgupsvc.exe;
      avgvv.exe; avgw.exe; avgwdsvc.exe; avgwizfw.exe; avinitnt.exe;
      avirarkd.exe; avkproxy.exe; AvkServ.exe; AVKService.exe; avktray.exe;
      AVKWCtl.exe; avmailc.exe; AVMenu.exe; avnotify.exe; AVP.EXE;
      AVP32.EXE; avpcc.exe; avpm.exe; avpmapp.exe; AVPUPD.EXE; avscan.exe;
      AVSCHED32.EXE; avserver.exe; avsynmgr.exe; avwebgrd.exe; AVWUPD32.EXE;
      AVWUPSRV.EXE; AVXMONITOR9X.EXE; AVXMONITORNT.EXE; AVXQUAR.EXE;
      avz.exe; BackWeb-4476822.exe; bdagent.exe; bdmcon.exe; bdnews.exe;
      bdoesrv.exe; bdss.exe; bdsubmit.exe; bdsubmitwiz.exe; BDSurvey.exe;
      bdswitch.exe; bdwizreg.exe; blackd.exe; blackice.exe; blindman.exe;
      BTIni.exe; BTIniNT.exe; bullguard.exe; bullguardupdate.exe;
      BZDCOMLAUNCH.exe; BZRPCSS.exe; CAAntiSpyware.exe; cafix.exe;
      cagloballight.exe; capfasem.exe; capfsem.exe;
      cappactiveprotection.exe; CavApp.exe; CaVasm.exe; CavAUD.exe;
      CavEmSrv.exe; Cavmr.exe; CavMUD.exe; Cavoar.exe; CavQ.exe; cavrid.exe;
      CAVSCons.exe; cavse.exe; CavSn.exe; CavSub.exe; CAVSubmit.exe;
      CavUMAS.exe; CavUserUpd.exe; Cavvl.exe; ccApp.exe; ccEvtMgr.exe;
      cclaw.exe; ccprovsp.exe; ccProxy.exe; ccSetMgr.exe; ccSvcHst.exe;
      cctray.exe; CEmRep.exe; CFIAUDIT.EXE; cfp.exe; clamscan.exe;
      ClamTray.exe; ClamWin.exe; Claw95.exe; Claw95cf.exe; cleaner.exe;
      cleaner3.exe; ClientGUI.exe; CliSvc.exe; CLNTSVC.exe; CMain.exe;
      cmdagent.exe; CMGrdian.exe; cntaosmgr.exe; ComboFix.exe; consctl.exe;
      copyx64.exe; cpd.exe; cssexc.exe; cssurf.exe; cureit.exe;
      custinstall.exe; custsetup.exe; DarkSpy105.exe; defensewall.exe;
      DefWatch.exe; dislite.exe; DOORS.EXE; dpatrolq.exe; drvctl.exe;
      DrVirus.exe; DrvMap.exe; drwadins.exe; drweb32w.exe; drweb386.exe;
      drwebscd.exe; DRWEBUPW.EXE; drwebwcl.exe; drwreg.exe; dsa.exe;
      ecmd.exe; egni.exe; egui.exe; ekrn.exe; elogsvc.exe; EMM386.EXE;
      ESCANH95.EXE; ESCANHNT.EXE; escanmon.exe; esrreq.exe; essact.exe;
      ewidoctrl.exe; exit_av.exe; EzAntivirusRegistrationCheck.exe;
      F-AGNT95.EXE; F-PROT95.EXE; F-Sched.exe; F-StopW.EXE; FAMEH32.exe;
      FAST.EXE; FCH32.exe; feedback.exe; filemonsv.exe; firebird.exe;
      FireSvc.exe; FireTray.exe; FIREWALL.EXE; FLOPPY.EXE; FLOPPY9x.EXE;
      FLOPPYME.EXE; FPAVServer.exe; fpavupdm.exe; FProtTray.exe; fpscan.exe;
      fptrayproc.exe; FPWin.exe; freshclam.exe; FRW.EXE; fsample.exe;
      fsaua.exe; fsauach.exe; fsav.exe; fsav32.exe; fsavaui.exe;
      fsavgui.exe; fsavstrt.exe; fsavwsch.exe; fsavwscr.exe; fsbwsys.exe;
      fsdbuh.exe; fsdc.exe; fsdfwd.exe; FSDIAG.exe; FsDiagUi.exe;
      fsfwwsch.exe; fsfwwscr.exe; fsgetwab.exe; fsgk32.exe; fsgk32st.exe;
      fsguidll.exe; fsguiexe.exe; FSHDLL32.exe; fshelp.exe; FSHOTFIX.exe;
      fsihcomp.exe; fsihs.exe; FSIMAGE.EXE; FSLAUNCH.exe; FSM32.exe;
      FSMA32.exe; FSMB32.exe; fsorsp.exe; fspc.exe; fspex.exe; fsqh.exe;
      fssf.exe; fssg.exe; fssm32.exe; fsstm.exe; fssw.exe; fstlui.exe;
      fsuninst.exe; fsus.exe; FVProtect.exe; gcasDtServ.exe; gcasServ.exe;
      gdfirewalltray.exe; gdfwsvc.exe; GhostStartTrayApp.exe; GhostTray.exe;
      GIANTAntiSpywareMain.exe; GIANTAntiSpywareUpdater.exe; GUARD.EXE;
      guardgni.exe; GUARDGUI.EXE; GuardNT.exe; helper.exe; HijackThis.exe;
      HiJackThis_v2.exe; hipsdiag.exe; hookAnalyzer.exe; HRegMon.exe;
      Hrres.exe; HSockPE.exe; HUpdate.EXE; iamapp.exe; iamserv.exe;
      IceSword.exe; ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE; ICSSUPPNT.EXE;
      ICSUPP95.EXE; ICSUPPNT.EXE; IERegFix.exe; IEShow.exe; IFACE.EXE;
      ih8.exe; ih8run.exe; ILAUNCHR.exe; INETUPD.EXE; Inicio.exe;
      InocIT.exe; InoRpc.exe; InoRT.exe; InoTask.exe; InoUpTNG.exe;
      InstallCAVS.exe; InstallLicense.exe; InstallLSP.exe; InstLsp.exe;
      INWISE.EXE; ioloAV.exe; ioloFW.exe; IOMON98.EXE; isafe.exe;
      ISATRAY.EXE; ISPNews.exe; isPwdsvc.exe; ISRV95.EXE; ISSVC.exe;
      isUAC.exe; itmrtsvc.exe; JEDI.EXE; jpf.exe; jpfsrv.exe; jpf_ip.dll;
      KAV.exe; kavmm.exe; KAVPF.exe; KavPFW.exe; KAVStart.exe; KAVSvc.exe;
      KAVSvcUI.EXE; KMailMon.EXE; KPfwSvc.EXE; KWatch.EXE; LAUNCH.exe;
      licmgr.exe; livesrv.exe; LiveUpdate.exe; LOCKDOWN2000.EXE;
      LogWatNT.exe; lpfw.exe; LUALL.EXE; LUCallbackProxy.exe; LUCheck.exe;
      LUCOMSERVER.EXE; LuComServer_3_2.EXE; LuConfig.exe; LUInit.exe;
      Luupdate.exe; MakeISO.exe; MalwareRemoval.exe; mantispm.exe;
      MBackMonitor.exe; MCAGENT.EXE; mcappins.exe; mcmnhdlr.exe;
      mcmscsvc.exe; mcnasvc.exe; mcproxy.exe; mcregwiz.exe; Mcshield.exe;
      mcsysmon.exe; mcuimgr.exe; MCUPDATE.EXE; mcvsmap.exe; mcvsshld.exe;
      MemString.exe; MINILOG.EXE; MONITOR.EXE; monlite.exe; MonSysNT.exe;
      MOOLIVE.EXE; moontray.exe; MpEng.exe; mpfagent.exe; mpfservice.exe;
      mpftray.exe; mpssvc.exe; mrtstub.exe; MSASCui.exe; MskSrver.exe;
      MSMPSVC.exe; MSProxy.ahn; mva.exe; MVC.exe; mwagent.exe; mwaser.exe;
      myAgtSvc.exe; myagttry.exe; navapsvc.exe; NAVAPW32.EXE; NavLu32.exe;
      NavShcom.exe; NAVStub.exe; NAVW32.EXE; Navwnt.exe; NDD32.EXE;
      NeoWatchLog.exe; NeoWatchTray.exe; netmonsv.exe; NetstatViewer.exe;
      nip.exe; nisoptui.exe; NISUM.EXE; njeeves.exe; NMAIN.EXE; nod32.exe;
      nod32krn.exe; nod32kui.exe; nodlogin.exe; NORMIST.EXE; NotifyHA.exe;
      notstart.exe; npavtray.exe; NPFMNTOR.EXE; npfmsg.exe; NPROTECT.EXE;
      NSCHED32.EXE; NSMdtr.exe; NssServ.exe; NssTray.exe; ntrtscan.exe;
      NTXconfig.exe; NUPGRADE.EXE; NVC95.EXE; nvcoas.exe; Nvcod.exe;
      nvcsched.exe; Nvcte.exe; Nvcut.exe; nvoy.exe; NWCDEX.EXE;
      NWService.exe; oasrv.exe; oaui.exe; OfcPfwSvc.exe; olAddin.exe;
      OnAccessInstaller.exe; op_mon.exe; osCheck.exe; OUTPOST.EXE;
      PartIn.exe; PartIn9x.exe; partinfo.exe; PartInNT.exe; PAV.EXE;
      PAVARK.exe; pavbckpt.exe; PavFires.exe; PavFnSvr.exe; Pavkre.exe;
      PavProt.exe; pavProxy.exe; pavprsrv.exe; pavsrv51.exe; PAVSS.EXE;
      pccguide.exe; PCCIOMON.EXE; pccntmon.exe; PCCPFW.exe; PcCtlCom.exe;
      PCTAV.exe; pctsauxs.exe; pctssvc.exe; pctstray.exe; PERSFW.EXE;
      pertsk.exe; PERVAC.EXE; pf6.exe; pg2.exe; PIFSvc.exe; PM8Flash.exe;
      PMagic.exe; PMagic9x.exe; PMagicBT.exe; PMagicNT.exe; PNMSRV.EXE;
      POLUTIL.exe; POP3TRAP.EXE; POPROXY.EXE; popscan.exe; postinstall.exe;
      PP2000.exe; ppavmon.exe; ppctlpriv.exe; ppfw.exe; ppinupdt.exe;
      ppserv.exe; pptbc.exe; PQBOOT.EXE; Pqboot32.exe; PQBOOTX.EXE;
      pqbw.exe; PQLAUNCH.EXE; PQMAGIC.EXE; PqPe.exe; pqpe9x.exe; pqpent.exe;
      PQV2iSvc.exe; preconfig.exe; preupd.exe; prevsrv.exe; PrevxSetup.exe;
      ProcessViewer.exe; psctrls.exe; pshost.exe; PsImSvc.exe; psksvc.exe;
      PTEDIT.EXE; PTEDIT32.EXE; PTEPIT32.EXE; PXAgent.exe; PXConsole.exe;
      PXL.exe; PXL1.exe; PXReset.exe; pxsupport.exe; QHM32.EXE;
      QHONLINE.EXE; QHONSVC.EXE; QHPF.EXE; qhwscsvc.exe; qklez.exe;
      qoeloader.exe; qrtfix.exe; quaranti.exe; RavMon.exe; RavTimer.exe;
      Realmon.exe; REALMON95.EXE; REATOGO_START.exe; register.exe;
      removeit.exe; Remover.exe; Rescue.exe; rfwmain.exe; RKUnhooker.exe;
      RkUService.exe; RootkitBuster.exe; Rootkit_Detective.exe; Rtvscan.exe;
      RTVSCN95.EXE; RuLaunch.exe; ruleeditor.exe; RunSetup.exe; sarcli.exe;
      sargui.exe; SAV32CLI.EXE; SAVAdminService.exe; SAVMain.exe;
      savprogress.exe; SavRoam.exe; SAVScan.exe; savservice.exe; SavUI.exe;
      sbamsvc.exe; sbamtray.exe; sbpfcl.exe; sbpflnch.exe; sbpfsvc.exe;
      SCAN32.EXE; scanner.exe; ScanningProcess.exe; scfmanager.exe;
      scfservice.exe; scftray.exe; sched.exe; sdhelp.exe; sdinvoker.exe;
      sdloader.exe; SDTrayApp.exe; seccenter.exe; SERVIC~1.EXE;
      sfctlcom.exe; shortcutCreator.exe; SHSTAT.exe; sigtool.exe;
      SiteCli.exe; smc.exe; SNDSrvc.exe; SNUTIL.EXE; SPBBCSvc.exe;
      SPHINX.EXE; spiderml.exe; spidernt.exe; Spiderui.exe; sporder.exe;
      SpybotSD.exe; SpywareTerminatorShield.exe; SPYXX.EXE; sp_rsser.exe;
      srvload.exe; SS3EDIT.EXE; StartMyagtTry.exe; start_diag.exe;
      stopsignav.exe; SubmitFiles.exe; SUPERAntiSpyware.exe; svcntaux.exe;
      swAgent.exe; swdoctor.exe; swdsvc.exe; SWNETSUP.EXE;
      SymantecRootInstaller.exe; symlcsvc.exe; SymProxySvc.exe;
      SymSPort.exe; SymWSC.exe; SYNMGR.EXE; Sysinfo.exe; SysSafe.exe;
      SystemGuardAlerter.exe; taskscheduler.exe; TAUMON.EXE; TBMon.exe;
      TC.EXE; tca.exe; TCM.EXE; TDS-3.EXE; TeaTimer.exe; TFAK.EXE;
      tfservice.exe; tgsvcstp.exe; THAV.EXE; THGnard.exe; THSM.EXE;
      Tmas.exe; tmas_oemon.exe; tmbmsrv.exe; tmlisten.exe; Tmntsrv.exe;
      TmPfw.exe; tmproxy.exe; TNBUtil.exe; tpsrv.exe; tracelog.exe;
      trayicos.exe; traysser.exe; Trjscan.exe; TrojanGuarder.exe;
      TrojanHunter.exe; trtddptr.exe; ufseagnt.exe; uiscan.exe;
      umxagent.exe; umxcfg.exe; umxfwhlp.exe; umxpol.exe; UninstallCAVS.exe;
      Uninstaller.exe; UninstallLSP.exe; UnlockerAssistant.exe;
      unp_test.exe; Up2Date.exe; UPDATE.EXE; UpdaterUI.exe; updclient.exe;
      upgrepl.exe; UPSObMaker.exe; UUpd.exe; V3ClnSrv.exe; vav.exe;
      Vba32ECM.exe; Vba32ifs.exe; vba32ldr.exe; Vba32PP3.exe; VBSNTW.exe;
      vchk.exe; vcrmon.exe; vetmsg.exe; VetTray.exe; viritexp.exe;
      viritsvc.exe; VirusKeeper.exe; VirusNews.exe; VistAux.exe;
      VisthLic.exe; VisthUpd.exe; VPC32.exe; VPTRAY.EXE; vrfwsvc.exe;
      VRMONNT.EXE; vrmonsvc.exe; vrrw32.exe; VSECOMR.EXE; Vshwin32.exe;
      vsmon.exe; vsserv.exe; VsStat.exe; WATCHDOG.EXE; Wclose.exe;
      webfiltr.exe; WebProxy.exe; Webscanx.exe; WEBTRAP.EXE; WGFE95.EXE;
      wil.exe; Winaw32.exe; WindowList.exe; WinPFind3U.exe; winroute.exe;
      winss.exe; winssnotify.exe; WRADMIN.EXE; WRCTRL.EXE; writespid.exe;
      WRPROG.EXE; wsctool.exe; xcommsvr.exe; zanda.exe; zatutor.exe;
      ZAUINST.EXE; zauninst.exe; zlclient.exe; ZLH.exe; zonealarm.exe;
      _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE; AVP32.EXE; AVPCC.EXE; AVPM.EXE;
      a2cmd.exe; a2guard.exe; a2HiJackFree.exe; a2scan.exe; a2service.exe;
      a2start.exe; a2upd.exe; a2wizard.exe; aavshield.exe; About.exe;
      AckWin32.exe; ADVCHK.EXE; Agb5.exe; Agb5 .exe; AhnSD.exe;
      airdefense.exe; ALERTSVC.EXE; ALMon.exe; ALOGSERV.EXE; ALsvc.exe;
      ALUNOTIFY.EXE; amon.exe; Anti-Trojan.exe; AntiVirScheduler;
      AntiVirService; AntiVirus.exe; ANTS.EXE; APVXDWIN.EXE; Armor2net.exe;
      ash.exe; ashAvast.exe; ashAvSrv.exe; ashchest.exe; ashdisp.exe;
      ashDug.exe; ashEnhcd.exe; ashLogV.exe; ashMaiSv.exe; ashPopWz.exe;
      ashQuick.exe; ashServ.exe; ashsimp2.exe; ashSimpl.exe; ashSkPcc.exe;
      ashSkPck.exe; ashUpd.exe; ashWebSv.exe; ash UpdateMediator.exe;
      aswDisp.exe; aswRegSvr.exe; aswUpdSv.exe; ATCON.EXE; ATUPDATER.EXE;
      ATWATCH.EXE; AUPDATE.EXE; AUTODOWN.EXE; AutostartExplorer.exe;
      AUTOTRACE.EXE; AUTOUPDATE.EXE; avadmin.exe; avcenter.exe; avciman.exe;
      avcmd.exe; avconfig.exe; Avconsol.exe; AVENGINE.EXE; avgamsvr.exe;
      avgcc.exe; AVGCC32.EXE; AVGCTRL.EXE; avgdiag.exe; avgemc.exe;
      avgfwsrv.exe; avginet.exe; avgnpdln.exe; avgnpsvc.exe; AVGNT.EXE;
      avgntdd; avgntmgr; avgrssvc.exe; avgscan.exe; AVGSERV.EXE;
      AVGUARD.EXE; avgupden.exe; avgupsvc.exe; avgvv.exe; avgw.exe;
      avgwizfw.exe; avinitnt.exe; AvkServ.exe; AVKService.exe; AVKWCtl.exe;
      avnotify.exe; AVP.EXE; AVP32.EXE; avpcc.exe; avpm.exe; AVPUPD.EXE;
      avscan.exe; AVSCHED32.EXE; avsynmgr.exe; AVWUPD32.EXE; AVWUPSRV.EXE;
      AVXMONITOR9X.EXE; AVXMONITORNT.EXE; AVXQUAR.EXE; BackWeb-4476822.exe;
      bdagent.exe; bdmcon.exe; bdnews.exe; bdoesrv.exe; bdss.exe;
      bdsubmit.exe; bdsubmitwiz.exe; BDSurvey.exe; bdswitch.exe;
      bdwizreg.exe; blackd.exe; blackice.exe; blindman.exe; BTIni.exe;
      BTIniNT.exe; cafix.exe; CavApp.exe; CaVasm.exe; CavAUD.exe;
      CavEmSrv.exe; Cavmr.exe; CavMUD.exe; Cavoar.exe; CavQ.exe;
      CAVSCons.exe; cavse.exe; CavSn.exe; CavSub.exe; CAVSubmit.exe;
      CavUMAS.exe; CavUserUpd.exe; Cavvl.exe; ccApp.exe; ccEvtMgr.exe;
      ccProxy.exe; ccSetMgr.exe; CEmRep.exe; CFIAUDIT.EXE; clamscan.exe;
      ClamTray.exe; ClamWin.exe; Claw95.exe; Claw95cf.exe; cleaner.exe;
      cleaner3.exe; CliSvc.exe; CMain.exe; CMGrdian.exe; copyx64.exe;
      cpd.exe; cssexc.exe; custinstall.exe; custsetup.exe; defensewall.exe;
      DefWatch.exe; dislite.exe; DOORS.EXE; dpatrolq.exe; drvctl.exe;
      DrVirus.exe; DrvMap.exe; drwadins.exe; drweb32w.exe; drweb386.exe;
      drwebscd.exe; DRWEBUPW.EXE; drwebwcl.exe; drwreg.exe; ecmd.exe;
      egni.exe; ekrn.exe; EMM386.EXE; ESCANH95.EXE; ESCANHNT.EXE;
      ewidoctrl.exe; exit av.exe; EzAntivirusRegistrationCheck.exe;
      F-AGNT95.EXE; F-PROT95.EXE; F-Sched.exe; F-StopW.EXE; FAMEH32.exe;
      FAST.EXE; FCH32.exe; firebird.exe; FireSvc.exe; FireTray.exe;
      FIREWALL.EXE; FLOPPY.EXE; FLOPPY9x.EXE; FLOPPYME.EXE; FPAVServer.exe;
      fpavupdm.exe; FProtTray.exe; fpscan.exe; fptrayproc.exe; FPWin.exe;
      freshclam.exe; FRW.EXE; fsample.exe; fsaua.exe; fsauach.exe; fsav.exe;
      fsav32.exe; fsavaui.exe; fsavgui.exe; fsavstrt.exe; fsavwsch.exe;
      fsavwscr.exe; fsbwsys.exe; fsdbuh.exe; fsdc.exe; fsdfwd.exe;
      FSDIAG.exe; FsDiagUi.exe; fsfwwsch.exe; fsfwwscr.exe; fsgetwab.exe;
      fsgk32.exe; fsgk32st.exe; fsguidll.exe; fsguiexe.exe; FSHDLL32.exe;
      fshelp.exe; FSHOTFIX.exe; fsihcomp.exe; fsihs.exe; FSIMAGE.EXE;
      FSLAUNCH.exe; FSM32.exe; FSMA32.exe; FSMB32.exe; fspc.exe; fspex.exe;
      fsqh.exe; fssf.exe; fssg.exe; fssm32.exe; fsstm.exe; fssw.exe;
      fstlui.exe; fsuninst.exe; fsus.exe; gcasDtServ.exe; gcasServ.exe;
      GIANTAntiSpywareMain.exe; GIANTAntiSpywareUpdater.exe; GUARD.EXE;
      guardgni.exe; GUARDGUI.EXE; GuardNT.exe; helper.exe; hipsdiag.exe;
      HRegMon.exe; Hrres.exe; HSockPE.exe; HUpdate.EXE; iamapp.exe;
      iamserv.exe; ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE; ICSSUPPNT.EXE;
      ICSUPP95.EXE; ICSUPPNT.EXE; IERegFix.exe; IFACE.EXE; ih8.exe;
      ih8run.exe; ILAUNCHR.exe; INETUPD.EXE; InocIT.exe; InoRpc.exe;
      InoRT.exe; InoTask.exe; InoUpTNG.exe; InstallCAVS.exe;
      InstallLicense.exe; InstallLSP.exe; InstLsp.exe; INWISE.EXE;
      IOMON98.EXE; isafe.exe; ISATRAY.EXE; ISPNews.exe; isPwdsvc.exe;
      ISRV95.EXE; ISSVC.exe; isUAC.exe; JEDI.EXE; KAV.exe; kavmm.exe;
      KAVPF.exe; KavPFW.exe; KAVStart.exe; KAVSvc.exe; KAVSvcUI.EXE;
      KMailMon.EXE; KPfwSvc.EXE; KWatch.EXE; licmgr.exe; livesrv.exe;
      LiveUpdate.exe; LOCKDOWN2000.EXE; LogWatNT.exe; lpfw.exe; LUALL.EXE;
      LUCallbackProxy.exe; LUCheck.exe; LUCOMSERVER.EXE; LuComServer 3
      2.EXE; LuConfig.exe; LUInit.exe; Luupdate.exe; MalwareRemoval.exe;
      MCAGENT.EXE; mcmnhdlr.exe; mcregwiz.exe; Mcshield.exe; MCUPDATE.EXE;
      mcvsshld.exe; MemString.exe; MINILOG.EXE; MONITOR.EXE; monlite.exe;
      MonSysNT.exe; MOOLIVE.EXE; MpEng.exe; mpssvc.exe; MSMPSVC.exe;
      msascui.exe; mva.exe; MVC.exe; myAgtSvc.exe; myagttry.exe;
      navapsvc.exe; NAVAPW32.EXE; NavLu32.exe; NAVStub.exe; NAVW32.EXE;
      Navwnt.exe; NDD32.EXE; NeoWatchLog.exe; NeoWatchTray.exe;
      NetstatViewer.exe; nisoptui.exe; NISSERV; NISUM.EXE; NMAIN.EXE;
      nod32.exe; nod32krn.exe; nod32kui.exe; NORMIST.EXE; NotifyHA.exe;
      notstart.exe; npavtray.exe; NPFMNTOR.EXE; npfmsg.exe; NPROTECT.EXE;
      NSCHED32.EXE; NSMdtr.exe; NssServ.exe; NssTray.exe; ntrtscan.exe;
      NTXconfig.exe; NUPGRADE.EXE; NVC95.EXE; Nvcod.exe; Nvcte.exe;
      Nvcut.exe; NWCDEX.EXE; NWService.exe; oasrv.exe; oaui.exe;
      OfcPfwSvc.exe; olAddin.exe; OnAccessInstaller.exe; osCheck.exe;
      OUTPOST.EXE; PartIn.exe; PartIn9x.exe; partinfo.exe; PartInNT.exe;
      PAV.EXE; PavFires.exe; PavFnSvr.exe; Pavkre.exe; PavProt.exe;
      pavProxy.exe; pavprsrv.exe; pavsrv51.exe; PAVSS.EXE; pccguide.exe;
      PCCIOMON.EXE; pccntmon.exe; PCCPFW.exe; PcCtlCom.exe; PCTAV.exe;
      PERSFW.EXE; pertsk.exe; PERVAC.EXE; PM8Flash.exe; PMagic.exe;
      PMagic9x.exe; PMagicBT.exe; PMagicNT.exe; PNMSRV.EXE; POLUTIL.exe;
      POP3TRAP.EXE; POPROXY.EXE; postinstall.exe; ppfw.exe; PQBOOT.EXE;
      Pqboot32.exe; PQBOOTX.EXE; pqbw.exe; PQLAUNCH.EXE; PQMAGIC.EXE;
      PqPe.exe; pqpe9x.exe; pqpent.exe; preconfig.exe; preupd.exe;
      prevsrv.exe; PrevxSetup.exe; ProcessViewer.exe; psctrls.exe;
      pshost.exe; PsImSvc.exe; PTEDIT.EXE; PTEDIT32.EXE; PTEPIT32.EXE;
      PXAgent.exe; PXConsole.exe; PXL.exe; PXL1.exe; PXReset.exe;
      pxsupport.exe; QHM32.EXE; QHONLINE.EXE; QHONSVC.EXE; QHPF.EXE;
      qhwscsvc.exe; qklez.exe; qrtfix.exe; quaranti.exe; RavMon.exe;
      RavTimer.exe; Realmon.exe; REALMON95.EXE; register.exe; removeit.exe;
      Remover.exe; Rescue.exe; rfwmain.exe; Rtvscan.exe; RTVSCN95.EXE;
      RuLaunch.exe; RunSetup.exe; sarcli.exe; sargui.exe; SAV32CLI.EXE;
      SAVAdminService.exe; SAVMain.exe; savprogress.exe; SAVScan.exe;
      SCAN32.EXE; scanner.exe; ScanningProcess.exe; sched.exe; sdhelp.exe;
      sdinvoker.exe; sdloader.exe; SDTrayApp.exe; seccenter.exe;
      SERVIC~1.EXE; SHSTAT.EXE; sigtool.exe; SiteCli.exe; smc.exe;
      SNDSrvc.exe; SNUTIL.EXE; SPBBCSvc.exe; SPHINX.EXE; spiderml.exe;
      spidernt.exe; Spiderui.exe; sporder.exe; SpybotSD.exe; SPYXX.EXE;
      SS3EDIT.EXE; start diag.exe; stopsignav.exe; SubmitFiles.exe;
      svcntaux.exe; swAgent.exe; swdoctor.exe; swdsvc.exe; SWNETSUP.EXE;
      SymantecRootInstaller.exe; symlcsvc.exe; SymProxySvc.exe;
      SymSPort.exe; SymWSC.exe; SYNMGR.EXE; Sysinfo.exe; TAUMON.EXE;
      TBMon.exe; TC.EXE; tca.exe; TCM.EXE; TDS-3.EXE; TeaTimer.exe;
      TFAK.EXE; tgsvcstp.exe; THAV.EXE; THGnard.exe; THSM.EXE; Tmas.exe;
      tmlisten.exe; Tmntsrv.exe; TmPfw.exe; tmproxy.exe; tnbutil.exe;
      tracelog.exe; TRJSCAN.EXE; TrojanGuarder.exe; TrojanHunter.exe;
      trtddptr.exe; uiscan.exe; UninstallCAVS.exe; Uninstaller.exe;
      UninstallLSP.exe; unp test.exe; Up2Date.exe; UPDATE.EXE;
      UpdaterUI.exe; updclient.exe; upgrepl.exe; UPSObMaker.exe; UUpd.exe;
      Vba32ECM.exe; Vba32ifs.exe; vba32ldr.exe; Vba32PP3.exe; VBSNTW.exe;
      vchk.exe; vcrmon.exe; VetTray.exe; viritexp.exe; viritsvc.exe;
      VirusKeeper.exe; VirusNews.exe; VistAux.exe; VisthLic.exe;
      VisthUpd.exe; VPTRAY.EXE; vrfwsvc.exe; VRMONNT.EXE; vrmonsvc.exe;
      vrrw32.exe; VSECOMR.EXE; Vshwin32.exe; vsmon.exe; vsserv.exe;
      VsStat.exe; w9xpopen; WATCHDOG.EXE; Wclose.exe; webfiltr.exe;
      WebProxy.exe; Webscanx.exe; WEBTRAP.EXE; WGFE95.EXE; wil.exe;
      Winaw32.exe; WindowList.exe; winroute.exe; winss.exe; winssnotify.exe;
      WRADMIN.EXE; WRCTRL.EXE; writespid.exe; WRPROG.EXE; wsctool.exe;
      xcommsvr.exe; zatutor.exe; ZAUINST.EXE; zauninst.exe; zlclient.exe;
      zonealarm.exe


 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • Themida

Descripción insertada por Petre Galan el martes 2 de febrero de 2010
Descripción actualizada por Petre Galan el jueves 4 de febrero de 2010

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.