¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Virus:VBS/Dldr.Nichgoo.A
Type:JavaScript
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:No
VDF version:7.11.108.254 - Tuesday, October 22, 2013
IVDF version:7.11.108.254 - Tuesday, October 22, 2013

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: VBS/Autorun.worm.k
   •  TrendMicro: VBS_AGENTT.RGE
   •  Bitdefender: Trojan.VBE.Agent.D
     Avast: VBS:Agent-ASE [Trj]
     Microsoft: Worm:VBS/Serverons.A
     AVG: BackDoor.Generic_c.MUO
     DrWeb: VBS.DownLoader.78


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

 Files The following file is created:

%userprofile%\Start Menu\Programs\Startup\help.vbe Furthermore it gets executed after it was fully created.

 Registry One of the following values is added in order to run the process after reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "help.vbe"="\"%temp%\help.vbe\""



The following registry key is changed:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
   Shell Folders]
   New value:
   • "Startup"="%userprofile%\Start Menu\Programs\Startup"

 File details Programming language:
The malware program was written in Visual Basic.


Encryption:
Encrypted - The virus code inside the file is encrypted.

Descripción insertada por Soe-liang Tan el jueves 24 de octubre de 2013
Descripción actualizada por Soe-liang Tan el jueves 24 de octubre de 2013

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.