¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Virus:Worm/VB.bfd
Date discovered:24/03/2010
Type:Worm
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:Yes
File size:487.424 Bytes
MD5 checksum:7dca7f90bea77d676fb039d7f137564a
IVDF version:7.10.05.192 - Wednesday, March 24, 2010

 General Method of propagation:
   • Autorun feature


Aliases:
   •  Mcafee: Generic.dx
   •  Sophos: W32/VB-EPJ
   •  Bitdefender: Worm.VB.NIB
   •  Panda: W32/VB.AIP
   •  Eset: Win32/VB.NVL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Third party control
   • Drops malicious files
   • Registry modification

 Files It copies itself to the following location:
   • %drive%\autorun.exe



The following files are created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

%TEMPDIR%\~DF3CCB.tmp

 Registry The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "WinDirectories"="%WINDIR%\tdirs.exe"

 IRC To deliver system information and to provide remote control it connects to the following IRC Server:

Server: httpbounce.bou**********.net
Port: 6667
Channel: #xxxpassworld
Nickname: pyramid

 File details Programming language:
The malware program was written in Visual Basic.

Descripción insertada por Petre Galan el jueves, 22 de julio de 2010
Descripción actualizada por Petre Galan el jueves, 22 de julio de 2010

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.