Date discovered: 09/08/2010
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 40.960 Bytes
MD5 checksum: aea8d7c82c5f432a005c80a9ede32029
IVDF version: - Monday, August 9, 2010

General
Aliases:
   •  Kaspersky: Trojan.Win32.Siscos.acx
   •  F-Secure: Trojan.Win32.Siscos.acx
   •  Sophos: Troj/Siscos-A

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Registry modification
   • Steals information

Files
It copies itself to the following location:
   • %WINDIR%\services.exe

Registry
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Adobe Update Service"="%WINDIR%\services.exe"

Messenger
It is spreading via Messenger. The characteristics are described below:

– Windows Live Messenger

IRC
– Furthermore it has the ability to perform the following action:
    • connect to IRC server

Backdoor
Contact server:
The following:
   • zk.imageshak.biz:4507

Miscellaneous
Checks for an internet connection by contacting the following web site:
   • http://cachefly.cachefly.net/1mb.test

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Irina Diaconescu on Thursday, October 28, 2010
Description updated by Irina Diaconescu on Wednesday, November 3, 2010
