Virus: TR/Ircbrute.A.175
Date discovered: 10/03/2010
Type: Trojan
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 118.784 Bytes
MD5 checksum: 038254c3df0a864d10eecba3477003f0
IVDF version: 7.10.05.35 - Wednesday, March 10, 2010

General

Aliases:
   •  Sophos: Troj/Agent-NAG
   •  Panda: Bck/IRCBot.CWM
   •  Eset: Win32/Boberog.AK
   •  Bitdefender: IRC-Worm.Generic.10552


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Lowers security settings
   • Registry modification
   • Third party control

Files

It copies itself to the following location:
   • %WINDIR%\msnmgr.exe



The following file is created:

– C:\a.txt



It tries to execute the following file:

– Filename:
   • "%WINDIR%\msnmgr.exe"

Registry

It creates the following entry in order to bypass the Windows XP firewall:

– [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   • "%executed file%"="%executed file%:*:Enabled:Userinit"



The following registry key is changed:

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   New value:
   • "Userinit"="%SYSDIR%\userinit.exe,%WINDIR%\msnmgr.exe"

IRC

To deliver system information and to provide remote control, it connects to the following IRC server:

Server: b.msn**********.org
Port: 1234
Channel: #bb#
Nickname: n[USA|XP]%number%

File details

Programming language:
The malware program was written in Visual Basic.

Description inserted by Petre Galan on Friday, May 28, 2010
Description updated by Petre Galan on Friday, May 28, 2010
