¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Date discovered:28/01/2013
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:87552 Bytes
MD5 checksum:9234d57924c2fec4e0fbf7b28fc096a6
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Bitdefender: Trojan.Generic.KD.837207
   •  AVG: PSW.Generic10.BMYB
   •  Eset: Win32/Trustezeb.C trojan
   •  Norman: W32/Obfuscated_J.KCA

Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Registry modification

 Files It copies itself to the following locations:
   • %temp%\%10 digit random character string% .pre
   • %temp%\%random character string%\%random character string%.exe

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "tnnklyek"="%temp%\%random character string%\%random character string%.exe"

The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%temp%\%10 digit random character string% .pre"

 Miscellaneous  Checks for an internet connection by contacting the following web sites:
   • http://kc**********-oum.com/typo**********.php?Itype=ld&ccr=1&id=D8812EB1434E41564549&stat=0&ver=1002301&loc=0x0809&os=Windows%**********XP
   • http://porky**********ry.net/UTP402**********.php?Itype=ld&ccr=1&id=D8812EB1434E41564549&cmd=report&idt=50&status=OK

Descripción insertada por Wensin Lee el miércoles, 30 de enero de 2013
Descripción actualizada por Wensin Lee el miércoles, 30 de enero de 2013

Volver . . . .