Virus: TR/VB.kkb
Date discovered: 29/11/2011
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Medium to high
Damage Potential: Medium
VDF version: 7.11.18.123 - Tuesday, November 29, 2011
IVDF version: 7.11.18.123 - Tuesday, November 29, 2011

General

Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Mcafee: Generic
   •  Kaspersky: Trojan.Win32.Jorik.IRCbot.ded
   •  Bitdefender: Worm.Dorkbot.A
   •  Grisoft: Generic25.AVWP
   •  Eset: a variant of Win32/Injector.KLN trojan
   •  GData: Worm.Dorkbot.A
   •  DrWeb: Trojan.MulDrop3.13802
   •  Norman: Trojan W32/VBInject.ADL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Registry modification

Files

It copies itself to the following location:
   • %APPDATA%\%six-digit random character string%.exe

Registry

One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Bwzizj"="%APPDATA%\\%six-digit random character string%.exe"

Miscellaneous

Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • **********m0001.in
   • **********m0002.in


Event handler:
It creates the following Event handlers:
   • ReadProcessMemory
   • WriteProcessMemory
   • CreateRemoteThread
   • InternetReadFile
   • URLDownloadToFile
   • InternetOpenUrl
   • InternetOpen
   • CreateFile


String:
Furthermore it contains the following strings:
   • AV_sites
   • Starting flood
   • IRC Command
   • login
   • password
   • banking
   • pin
   • money
   • account
   • login.yahoo.*/*login*
   • facebook.*/login.php*
   • runescape*/*weblogin*
   • mediafire.com/*login*
   • freakshare.com/login*
   • uploading.com/*login*
   • filesonic.com/*login*
   • namecheap.com/*login*
   • speedyshare.com/login*
   • depositfiles.*/*/login*
   • thepiratebay.org/login*
   • bcointernacional*login*
   • uploaded.to/*login*
   • alertpay.com/login*
   • moniker.com/*Login*
   • dotster.com/*login*
   • oron.com/login*
   • ngrBot Error

File details

Programming language:
The malware program was written in Visual Basic.

Description inserted by Wensin Lee on Friday, September 14, 2012
Description updated by Wensin Lee on Friday, September 14, 2012
