Date discovered:17/08/2009
In the wild:Yes
Reported Infections:Low
Distribution Potential:Medium
Damage Potential:Low to medium
Static file:Yes
File size:16.0578 Bytes
MD5 checksum:95AD430ABCA3DA496600F764C120683C
VDF version:
IVDF version: - Monday, August 17, 2009

General
Method of propagation:
   • Local network

Aliases:
   • Kaspersky: Net-Worm.Win32.Kido.fz
   • Sophos: Mal/Conficker-A
   • Eset: Win32/Conficker.AE worm

Platform / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops a file

Files
The following file is created:
   • %SYSDIR%\%number%.tmp
Once fully written, this file is executed. Further investigation showed that this file is malware as well.

It tries to execute the following file:
   • explorer.exe
using the following command line arguments: c:

Network Infection
In order to ensure its propagation, the malware attempts to connect to other machines as described below.

Injection
Process name:
   • svchost.exe

Miscellaneous
Accesses internet resources:
   • http://**********tqvpb.org/search?q=0;

It creates the following Mutex:
   • zjufikhflutftitl

File details
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Andrei Ilie on Friday, 14 January 2011
Description updated by Andrei Ilie on Tuesday, 18 January 2011