Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Nom:Worm/Mytob.HB
La date de la dcouverte:13/12/2012
Type:Ver
En circulation:Non
Infections signales Faible
Potentiel de distribution:Moyen
Potentiel de destruction:Moyen
Fichier statique:Non
Taille du fichier:118.784 Octets
Version VDF:7.11.53.216

 Gnral Mthode de propagation:
   • Email


Les alias:
   •  Kaspersky: Net-Worm.Win32.Mytob.bi
   •  TrendMicro: WORM_MYTOB.LY


Plateformes / Systmes d'exploitation:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP


Effets secondaires:
   • Il bloque l'accs aux sites web de scurit
   • Arrt les applications de scurit
   • Il emploie son propre moteur de courrier lectronique
   • Il diminue les rglages de scurit
   • Il modifie des registres
   • Il facilite l'accs non autoris l'ordinateur

 Fichiers Il s'autocopie dans l'emplacement suivant:
   • %SYSDIR%\mshotmon.exe



Il se copie dans des fichiers compresss l'emplacement suivant :
   • %TEMPDIR%\tmp%numro hexadcimal%.tmp

 Registre Les cls de registre suivantes sont ajoutes afin d'excuter des processus aprs le redmarrage:

HKLM\software\microsoft\windows\currentversion\run
   • "microsoft hotmail monitor"="mshotmon.exe"

HKLM\software\microsoft\windows\currentversion\runservices
   • "microsoft hotmail monitor"="mshotmon.exe"

 Email Il contient un moteur SMTP intgr pour envoyer des emails. Une connexion directe avec le serveur destination sera tablie. Les caractristiques sont dcrites ci-dessous:


De:
Adresses gnres. Ne pas supposer pas que c'tait l'intention de l'expditeur de vous envoyer cet email. Il est possible qu'il ne sache pas qu'il est infect ou il est possible qu'il ne soit pas du tout infect. En outre, il est possible que vous receviez des emails en retour vous signifiant que vous tes infect. Ceci pourrait galement ne pas tre le cas.


A:
– Les adresses email trouvs dans des fichiers spcifiques du systme.
 les adresses d'email recueillies du WAB (Windows Address Book)
– Les adresses cres


Sujet:
Un des suivants:
   • "IMPORTANT-DETAILS"
   • "ACCOUNT-DETAILS"
   • "EMAIL-DETAILS"
   • "ACCOUNT-INFO"
   • "DOCUMENT"
   • "README"
   • "ACCOUNT-REPORT"
   • "YOUR ACCOUNT IS SUSPENDED"
   • "*DETECTED* ONLINE USER VIOLATION"
   • "YOUR ACCOUNT IS SUSPENDED FOR SECURITY REASONS"
   • "WARNING MESSAGE: YOUR SERVICES NEAR TO BE CLOSED."
   • "IMPORTANT NOTIFICATION"
   • "MEMBERS SUPPORT"
   • "SECURITY MEASURES"
   • "EMAIL ACCOUNT SUSPENSION"
   • "NOTICE OF ACCOUNT LIMITATION"

En outre le sujet peut contenir des lettres alatoires.


Corps:
– Il contient du code HTML
Le corps de l'email est un des suivants:

   • Dear user %l'adresse email du destinataire%,
     
     It has come to our attention that your %le domaine de l'expditeur%
      User Profile ( x ) records are out of date. For further details see the attached document.
     
     Thank you for using %le domaine de l'expditeur%!
     The %le domaine de l'expditeur% Support Team
     
     
     
     
     
     
     +++ Attachment: No Virus (Clean)
     +++ %le domaine de l'expditeur% Antivirus - %le domaine de l'expditeur%

   • Dear %le domaine de l'expditeur% Member,
     
     Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
     
     If you choose to ignore our request, you leave us no choice but to cancel your membership.
     
     Virtually yours,
     The %le domaine de l'expditeur% Support Team
     
     
     
     
     
     
     +++ Attachment: No Virus found
     +++ %le domaine de l'expditeur% Antivirus - %le domaine de l'expditeur%
     

   • Dear %le domaine de l'expditeur% Member,
     
     We have temporarily suspended your email account %l'adresse email du destinataire% .
     
     This might be due to either of the following reasons:
     
     1. A recent change in your personal information (i.e. change of address).
     2. Submiting invalid information during the initial sign up process.
     3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
     See the details to reactivate your %le domaine de l'expditeur% account.
     
     Sincerely,The %le domaine de l'expditeur% Support Team
     
     
     
     
     
     
     +++ Attachment: No Virus (Clean)
     +++ %le domaine de l'expditeur% Antivirus - %le domaine de l'expditeur%

   • Dear user %le nom d'utilisateur de l'adresse email du destinataire%,
     
     You have successfully updated the password of your %le domaine de l'expditeur% account.
     
     If you did not authorize this change or if you need assistance with your account, please contact %le domaine de l'expditeur% customer service at: info@%le domaine de l'expditeur%
     
     Thank you for using %le domaine de l'expditeur% !
     The %le domaine de l'expditeur% Support Team


Pice jointe:
Le nom de fichier de l'attachement est un des suivants:
   • accepted-password.zip
   • account-details.zip
   • account-info.zip
   • account-password.zip
   • account-report.zip
   • approved-password.zip
   • document.zip
   • email-details.zip
   • email-password.zip
   • important-details.zip
   • new-password.zip
   • readme.zip
   • updated-password.zip

L'attachement est une copie du malware lui-mme.



L'email pourrait ressembler un des suivants:



 Envoie de messages Recherche des adresses:
Il cherche les fichiers suivants pour des adresses email:
   • txt; htm; sht; jsp; cgi; xml; php; asp; dbx; tbb; adb; html; wab


La cration des adresses pour champ DE:
Pour produire des adresses il utilise les chanes de caractres suivantes:
   • "john"; "josh"; "alex"; "michael"; "james"; "mike"; "kevin"; "david";
      "george"; "sam"; "andrew"; "jose"; "leo"; "maria"; "jim"; "brian";
      "serg"; "mary"; "ray"; "tom"; "peter"; "robert"; "bob"; "jane"; "joe";
      "dan"; "dave"; "matt"; "steve"; "smith"; "stan"; "bill"; "bob";
      "jack"; "fred"; "ted"; "paul"; "brent"; "sales"; "anna"; "brenda";
      "claudia"; "debby"; "helen"; "jerry"; "jimmy"; "julie"; "linda";
      "michael"; "frank"; "adam"; "sandra"; "support"; "administrator";
      "mail"; "service"; "admin"; "info"; "register"; "webmaster"

Il combine le rsultat avec les domaines trouvs dans les fichiers qui ont t prcdemment recherchs pour des adresses.


viter les adresses:
Il n'envoie pas des emails aux adresses contenant une des chanes de caractres suivantes:
   • "berkeley"; "unix"; "math"; "bsd"; "mit.e"; "gnu"; "fsf."; "ibm.com";
      "google"; "kernel"; "linux"; "fido"; "usenet"; "iana"; "ietf";
      "rfc-ed"; "sendmail"; "arin."; "ripe."; "isi.e"; "isc.o"; "secur";
      "acketst"; "pgp"; "tanford.e"; "utgers.ed"; "mozilla"; "avp"; "syma";
      "icrosof"; "msn."; "hotmail"; "panda"; "sopho"; "borlan"; "inpris";
      "example"; "mydomai"; "nodomai"; "ruslis"; ".gov"; "gov."; ".mil";
      "foo."; "spm"; "fcnz"; "www"; "secur"; "abuse"; "admin"; "icrosoft";
      "support"; "ntivi"; "unix"; "bsd"; "linux"; "listserv"; "certific";
      "google"; "accoun"; "root"; "info"; "samples"; "postmaster";
      "webmaster"; "noone"; "nobody"; "nothing"; "anyone"; "someone";
      "your"; "you"; "bugs"; "rating"; "site"; "contact"; "soft";
      "somebody"; "privacy"; "service"; "help"; "not"; "submit"; "feste";
      "gold-certs"; "the.bat"; "page"


Ajoutez les chanes de caractres au dbut de MX :
Afin d'obtenir l'adresse IP du serveur d'email, il a la capacit d'ajouter au dbut du nom de domaine les chanes de caractres suivantes:
   • mx.
   • mail.
   • smtp.
   • mx1.
   • mxs.
   • mail1.
   • relay.
   • ns.
   • gate.

 IRC Afin de fournir des informations sur le systme et un accs distance, il se connecte au serveur IRC suivant:

Serveur: ilikeboys.yi.org
Port: 4367
Canal: ilikeboys



 Ce Malware a la capacit de ramasser et d'envoyer des informations tel que:
    • Vitesse du CPU
    • Mmoire libre
    • L'ID de la plateforme


 Ensuite il a la capacit d'oprer des actions tel que:
    • Tlcharger un fichier
    • Excuter un fichier
    • Envoyer des e-mails
    • Terminer le Malware
     Se mettre jour tout seul

 Htes Le fichier hte est modifi, comme il est expliqu:

Dans ce cas les entres dj existantes ne sont pas modifies.

L'accs aux liens URL suivants est effectivement bloqu :
   • www.symantec.com
   • securityresponse.symantec.com
   • symantec.com
   • www.sophos.com
   • sophos.com
   • www.mcafee.com
   • mcafee.com
   • liveupdate.symantecliveupdate.com
   • www.viruslist.com
   • viruslist.com
   • viruslist.com
   • f-secure.com
   • www.f-secure.com
   • kaspersky.com
   • kaspersky-labs.com
   • www.avp.com
   • www.kaspersky.com
   • avp.com
   • www.networkassociates.com
   • networkassociates.com
   • www.ca.com
   • ca.com
   • mast.mcafee.com
   • my-etrust.com
   • www.my-etrust.com
   • download.mcafee.com
   • dispatch.mcafee.com
   • secure.nai.com
   • nai.com
   • www.nai.com
   • update.symantec.com
   • updates.symantec.com
   • us.mcafee.com
   • liveupdate.symantec.com
   • customer.symantec.com
   • rads.mcafee.com
   • trendmicro.com
   • pandasoftware.com
   • www.pandasoftware.com
   • www.trendmicro.com
   • www.grisoft.com
   • www.microsoft.com
   • microsoft.com
   • www.virustotal.com
   • virustotal.com
   • www.amazon.com
   • www.amazon.co.uk
   • www.amazon.ca
   • www.amazon.fr
   • www.paypal.com
   • paypal.com
   • moneybookers.com
   • www.moneybookers.com
   • www.ebay.com
   • ebay.com




Le fichier hte modifi ressemblera ceci:


 Arrt de processus: La liste des processus qui sont termins:
   • "ACKWIN32.EXE"; "ADAWARE.EXE"; "ADVXDWIN.EXE"; "AGENTSVR.EXE";
      "AGENTW.EXE"; "ALERTSVC.EXE"; "ALEVIR.EXE"; "ALOGSERV.EXE";
      "AMON9X.EXE"; "ANTI-TROJAN.EXE"; "ANTIVIRUS.EXE"; "ANTS.EXE";
      "APIMONITOR.EXE"; "APLICA32.EXE"; "APVXDWIN.EXE"; "ARR.EXE";
      "ATCON.EXE"; "ATGUARD.EXE"; "ATRO55EN.EXE"; "ATUPDATER.EXE";
      "ATUPDATER.EXE"; "ATWATCH.EXE"; "AU.EXE"; "AUPDATE.EXE";
      "AUPDATE.EXE"; "AUTODOWN.EXE"; "AUTODOWN.EXE"; "AUTOTRACE.EXE";
      "AUTOTRACE.EXE"; "AUTOUPDATE.EXE"; "AUTOUPDATE.EXE"; "AVCONSOL.EXE";
      "AVE32.EXE"; "AVGCC32.EXE"; "AVGCTRL.EXE"; "AVGNT.EXE"; "AVGSERV.EXE";
      "AVGSERV9.EXE"; "AVGUARD.EXE"; "AVGW.EXE"; "AVKPOP.EXE";
      "AVKSERV.EXE"; "AVKSERVICE.EXE"; "AVKWCTl9.EXE"; "AVLTMAIN.EXE";
      "AVNT.EXE"; "AVP.EXE"; "AVP32.EXE"; "AVPCC.EXE"; "AVPDOS32.EXE";
      "AVPM.EXE"; "AVPTC32.EXE"; "AVPUPD.EXE"; "AVPUPD.EXE";
      "AVSCHED32.EXE"; "AVSYNMGR.EXE"; "AVWINNT.EXE"; "AVWUPD.EXE";
      "AVWUPD32.EXE"; "AVWUPD32.EXE"; "AVWUPSRV.EXE"; "AVXMONITOR9X.EXE";
      "AVXMONITORNT.EXE"; "AVXQUAR.EXE"; "AVXQUAR.EXE"; "BACKWEB.EXE";
      "BARGAINS.EXE"; "BD_PROFESSIONAL.EXE"; "BEAGLE.EXE"; "BELT.EXE";
      "BIDEF.EXE"; "BIDSERVER.EXE"; "BIPCP.EXE"; "BIPCPEVALSETUP.EXE";
      "BISP.EXE"; "BLACKD.EXE"; "BLACKICE.EXE"; "BLSS.EXE"; "BOOTCONF.EXE";
      "BOOTWARN.EXE"; "BORG2.EXE"; "BPC.EXE"; "BRASIL.EXE"; "BS120.EXE";
      "BUNDLE.EXE"; "BVT.EXE"; "CCAPP.EXE"; "CCEVTMGR.EXE"; "CCPXYSVC.EXE";
      "CDP.EXE"; "CFD.EXE"; "CFGWIZ.EXE"; "CFIADMIN.EXE"; "CFIAUDIT.EXE";
      "CFIAUDIT.EXE"; "CFINET.EXE"; "CFINET32.EXE"; "CLEAN.EXE";
      "CLEANER.EXE"; "CLEANER3.EXE"; "CLEANPC.EXE"; "CLICK.EXE";
      "CMD32.EXE"; "CMESYS.EXE"; "CMGRDIAN.EXE"; "CMON016.EXE";
      "CONNECTIONMONITOR.EXE"; "CPD.EXE"; "CPF9X206.EXE"; "CPFNT206.EXE";
      "CTRL.EXE"; "CV.EXE"; "CWNB181.EXE"; "CWNTDWMO.EXE"; "CLAW95CF.EXE";
      "DATEMANAGER.EXE"; "DCOMX.EXE"; "DEFALERT.EXE"; "DEFSCANGUI.EXE";
      "DEFWATCH.EXE"; "DEPUTY.EXE"; "DIVX.EXE"; "DLLCACHE.EXE";
      "DLLREG.EXE"; "DOORS.EXE"; "DPF.EXE"; "DPFSETUP.EXE"; "DPPS2.EXE";
      "DRWATSON.EXE"; "DRWEB32.EXE"; "DRWEBUPW.EXE"; "DSSAGENT.EXE";
      "DVP95.EXE"; "DVP95_0.EXE"; "ECENGINE.EXE"; "EFPEADM.EXE"; "EMSW.EXE";
      "ENT.EXE"; "ESAFE.EXE"; "ESCANHNT.EXE"; "ESCANV95.EXE";
      "ESPWATCH.EXE"; "ETHEREAL.EXE"; "ETRUSTCIPE.EXE"; "EVPN.EXE";
      "EXANTIVIRUS-CNET.EXE"; "EXE.AVXW.EXE"; "EXPERT.EXE"; "EXPLORE.EXE";
      "F-PROT.EXE"; "F-PROT95.EXE"; "F-STOPW.EXE"; "FAMEH32.EXE";
      "FAST.EXE"; "FCH32.EXE"; "FIH32.EXE"; "FINDVIRU.EXE"; "FIREWALL.EXE";
      "FNRB32.EXE"; "FP-WIN.EXE"; "FP-WIN_TRIAL.EXE"; "FPROT.EXE";
      "FRW.EXE"; "FSAA.EXE"; "FSAV.EXE"; "FSAV32.EXE"; "FSAV530STBYB.EXE";
      "FSAV530WTBYB.EXE"; "FSAV95.EXE"; "FSGK32.EXE"; "FSM32.EXE";
      "FSMA32.EXE"; "FSMB32.EXE"; "GATOR.EXE"; "GBMENU.EXE"; "GBPOLL.EXE";
      "GENERICS.EXE"; "GMT.EXE"; "GUARD.EXE"; "GUARDDOG.EXE";
      "HACKTRACERSETUP.EXE"; "HBINST.EXE"; "HBSRV.EXE"; "HOTACTIO.EXE";
      "HOTPATCH.EXE"; "HTLOG.EXE"; "HTPATCH.EXE"; "HWPE.EXE"; "HXDL.EXE";
      "HXIUL.EXE"; "IAMAPP.EXE"; "IAMSERV.EXE"; "IAMSTATS.EXE";
      "IBMASN.EXE"; "IBMAVSP.EXE"; "ICLOADNT.EXE"; "ICMON.EXE";
      "ICSUPP95.EXE"; "ICSUPPNT.EXE"; "IDLE.EXE"; "IEDLL.EXE";
      "IEDRIVER.EXE"; "IEXPLORER.EXE"; "IFACE.EXE"; "IFW2000.EXE";
      "INETLNFO.EXE"; "INFUS.EXE"; "INFWIN.EXE"; "INIT.EXE"; "INTDEL.EXE";
      "INTREN.EXE"; "IOMON98.EXE"; "ISTSVC.EXE"; "JAMMER.EXE";
      "JDBGMRG.EXE"; "JEDI.EXE"; "KAVLITE40ENG.EXE"; "KAVPERS40ENG.EXE";
      "KAVPF.EXE"; "KAZZA.EXE"; "KEENVALUE.EXE"; "KERIO-PF-213-EN-WIN.EXE";
      "KERIO-WRL-421-EN-WIN.EXE"; "KERIO-WRP-421-EN-WIN.EXE";
      "KERNEL32.EXE"; "KILLPROCESSSETUP161.EXE"; "LAUNCHER.EXE";
      "LDNETMON.EXE"; "LDPRO.EXE"; "LDPROMENU.EXE"; "LDSCAN.EXE";
      "LNETINFO.EXE"; "LOADER.EXE"; "LOCALNET.EXE"; "LOCKDOWN.EXE";
      "LOCKDOWN2000.EXE"; "LOOKOUT.EXE"; "LORDPE.EXE"; "LSETUP.EXE";
      "LUALL.EXE"; "LUALL.EXE"; "LUAU.EXE"; "LUCOMSERVER.EXE"; "LUINIT.EXE";
      "LUSPT.EXE"; "MAPISVC32.EXE"; "MCAGENT.EXE"; "MCMNHDLR.EXE";
      "MCSHIELD.EXE"; "MCTOOL.EXE"; "MCUPDATE.EXE"; "MCUPDATE.EXE";
      "MCVSRTE.EXE"; "MCVSSHLD.EXE"; "MD.EXE"; "MFIN32.EXE"; "MFW2EN.EXE";
      "MFWENG3.02D30.EXE"; "MGAVRTCL.EXE"; "MGAVRTE.EXE"; "MGHTML.EXE";
      "MGUI.EXE"; "MINILOG.EXE"; "MMOD.EXE"; "MONITOR.EXE"; "MOOLIVE.EXE";
      "MOSTAT.EXE"; "MPFAGENT.EXE"; "MPFSERVICE.EXE"; "MPFTRAY.EXE";
      "MRFLUX.EXE"; "MSAPP.EXE"; "MSBB.EXE"; "MSBLAST.EXE"; "MSCACHE.EXE";
      "MSCCN32.EXE"; "MSCMAN.EXE"; "MSCONFIG.EXE"; "MSDM.EXE"; "MSDOS.EXE";
      "MSIEXEC16.EXE"; "MSINFO32.EXE"; "MSLAUGH.EXE"; "MSMGT.EXE";
      "MSMSGRI32.EXE"; "MSSMMC32.EXE"; "MSSYS.EXE"; "MSVXD.EXE";
      "MU0311AD.EXE"; "MWATCH.EXE"; "N32SCANW.EXE"; "NAV.EXE";
      "AUTO-PROTECT.NAV80TRY.EXE"; "NAVAP.NAVAPSVC.EXE"; "NAVAPSVC.EXE";
      "NAVAPW32.EXE"; "NAVDX.EXE"; "NAVLU32.EXE"; "NAVNT.EXE";
      "NAVSTUB.EXE"; "NAVW32.EXE"; "NAVWNT.EXE"; "NC2000.EXE";
      "NCINST4.EXE"; "NDD32.EXE"; "NEOMONITOR.EXE"; "NEOWATCHLOG.EXE";
      "NETARMOR.EXE"; "NETD32.EXE"; "NETINFO.EXE"; "NETMON.EXE";
      "NETSCANPRO.EXE"; "NETSPYHUNTER-1.2.EXE"; "NETSTAT.EXE";
      "NETUTILS.EXE"; "NISSERV.EXE"; "NISUM.EXE"; "NMAIN.EXE"; "NOD32.EXE";
      "NORMIST.EXE"; "NORTON_INTERNET_SECU_3.0_407.EXE"; "NOTSTART.EXE";
      "NPF40_TW_98_NT_ME_2K.EXE"; "NPFMESSENGER.EXE"; "NPROTECT.EXE";
      "NPSCHECK.EXE"; "NPSSVC.EXE"; "NSCHED32.EXE"; "NSSYS32.EXE";
      "NSTASK32.EXE"; "NSUPDATE.EXE"; "NT.EXE"; "NTRTSCAN.EXE"; "NTVDM.EXE";
      "NTXconfig.EXE"; "NUI.EXE"; "NUPGRADE.EXE"; "NUPGRADE.EXE";
      "NVARCH16.EXE"; "NVC95.EXE"; "NVSVC32.EXE"; "NWINST4.EXE";
      "NWSERVICE.EXE"; "NWTOOL16.EXE"; "OLLYDBG.EXE"; "ONSRVR.EXE";
      "OPTIMIZE.EXE"; "OSTRONET.EXE"; "OTFIX.EXE"; "OUTPOST.EXE";
      "OUTPOST.EXE"; "OUTPOSTINSTALL.EXE"; "OUTPOSTPROINSTALL.EXE";
      "PADMIN.EXE"; "PANIXK.EXE"; "PATCH.EXE"; "PAVCL.EXE"; "PAVPROXY.EXE";
      "PAVSCHED.EXE"; "PAVW.EXE"; "PCFWALLICON.EXE"; "PCIP10117_0.EXE";
      "PCSCAN.EXE"; "PDSETUP.EXE"; "PERISCOPE.EXE"; "PERSFW.EXE";
      "PERSWF.EXE"; "PF2.EXE"; "PFWADMIN.EXE"; "PGMONITR.EXE";
      "PINGSCAN.EXE"; "PLATIN.EXE"; "POP3TRAP.EXE"; "POPROXY.EXE";
      "POPSCAN.EXE"; "PORTDETECTIVE.EXE"; "PORTMONITOR.EXE";
      "POWERSCAN.EXE"; "PPINUPDT.EXE"; "PPTBC.EXE"; "PPVSTOP.EXE";
      "PRIZESURFER.EXE"; "PRMT.EXE"; "PRMVR.EXE"; "PROCDUMP.EXE";
      "PROCESSMONITOR.EXE"; "PROCEXPLORERV1.0.EXE"; "PROGRAMAUDITOR.EXE";
      "PROPORT.EXE"; "PROTECTX.EXE"; "PSPF.EXE"; "PURGE.EXE";
      "QCONSOLE.EXE"; "QSERVER.EXE"; "RAPAPP.EXE"; "RAV7.EXE";
      "RAV7WIN.EXE"; "RAV8WIN32ENG.EXE"; "RAY.EXE"; "RB32.EXE";
      "RCSYNC.EXE"; "REALMON.EXE"; "REGED.EXE"; "REGEDIT.EXE";
      "REGEDT32.EXE"; "RESCUE.EXE"; "RESCUE32.EXE"; "RRGUARD.EXE";
      "RSHELL.EXE"; "RTVSCAN.EXE"; "RTVSCN95.EXE"; "RULAUNCH.EXE";
      "RUN32DLL.EXE"; "RUNDLL.EXE"; "RUNDLL16.EXE"; "RUXDLL32.EXE";
      "SAFEWEB.EXE"; "SAHAGENT.EXE"; "SAVE.EXE"; "SAVENOW.EXE";
      "SBSERV.EXE"; "SC.EXE"; "SCAM32.EXE"; "SCAN32.EXE"; "SCAN95.EXE";
      "SCANPM.EXE"; "SCRSCAN.EXE"; "SETUPVAMEEVAL.EXE";
      "SETUP_FLOWPROTECTOR_US.EXE"; "SFC.EXE"; "SGSSFW32.EXE"; "SH.EXE";
      "SHELLSPYINSTALL.EXE"; "SHN.EXE"; "SHOWBEHIND.EXE"; "SMC.EXE";
      "SMS.EXE"; "SMSS32.EXE"; "SOAP.EXE"; "SOFI.EXE"; "SPERM.EXE";
      "SPF.EXE"; "SPHINX.EXE"; "SPOLER.EXE"; "SPOOLCV.EXE"; "SPOOLSV32.EXE";
      "SPYXX.EXE"; "SREXE.EXE"; "SRNG.EXE"; "SS3EDIT.EXE"; "SSGRATE.EXE";
      "SSG_4104.EXE"; "ST2.EXE"; "START.EXE"; "STCLOADER.EXE";
      "SUPFTRL.EXE"; "SUPPORT.EXE"; "SUPPORTER5.EXE"; "SVC.EXE";
      "SVCHOSTC.EXE"; "SVCHOSTS.EXE"; "SVSHOST.EXE"; "SWEEP95.EXE";
      "SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE"; "SYMPROXYSVC.EXE";
      "SYMTRAY.EXE"; "SYSEDIT.EXE"; "SYSTEM.EXE"; "SYSTEM32.EXE";
      "SYSUPD.EXE"; "TASKMG.EXE"; "TASKMO.EXE"; "TASKMON.EXE"; "TAUMON.EXE";
      "TBSCAN.EXE"; "TC.EXE"; "TCA.EXE"; "TCM.EXE"; "TDS-3.EXE";
      "TDS2-NT.EXE"; "TEEKIDS.EXE"; "TFAK.EXE"; "TFAK5.EXE"; "TGBOB.EXE";
      "TITANIN.EXE"; "TITANINXP.EXE"; "TRACERT.EXE"; "TRICKLER.EXE";
      "TRJSCAN.EXE"; "TRJSETUP.EXE"; "TROJANTRAP3.EXE"; "TSADBOT.EXE";
      "TVMD.EXE"; "TVTMD.EXE"; "UNDOBOOT.EXE"; "UPDAT.EXE"; "UPDATE.EXE";
      "UPDATE.EXE"; "UPGRAD.EXE"; "UTPOST.EXE"; "VBCMSERV.EXE";
      "VBCONS.EXE"; "VBUST.EXE"; "VBWIN9X.EXE"; "VBWINNTW.EXE";
      "VCSETUP.EXE"; "VET32.EXE"; "VET95.EXE"; "VETTRAY.EXE"; "VFSETUP.EXE";
      "VIR-HELP.EXE"; "VIRUSMDPERSONALFIREWALL.EXE"; "VNLAN300.EXE";
      "VNPC3000.EXE"; "VPC32.EXE"; "VPC42.EXE"; "VPFW30S.EXE"; "VPTRAY.EXE";
      "VSCAN40.EXE"; "VSCENU6.02D30.EXE"; "VSCHED.EXE"; "VSECOMR.EXE";
      "VSHWIN32.EXE"; "VSISETUP.EXE"; "VSMAIN.EXE"; "VSMON.EXE";
      "VSSTAT.EXE"; "VSWIN9XE.EXE"; "VSWINNTSE.EXE"; "VSWINPERSE.EXE";
      "W32DSM89.EXE"; "W9X.EXE"; "WATCHDOG.EXE"; "WEBDAV.EXE";
      "WEBSCANX.EXE"; "WEBTRAP.EXE"; "WFINDV32.EXE"; "WHOSWATCHINGME.EXE";
      "WIMMUN32.EXE"; "WIN-BUGSFIX.EXE"; "WIN32.EXE"; "WIN32US.EXE";
      "WINACTIVE.EXE"; "WINDOW.EXE"; "WINDOWS.EXE"; "WININETD.EXE";
      "WININIT.EXE"; "WININITX.EXE"; "WINLOGIN.EXE"; "WINMAIN.EXE";
      "WINNET.EXE"; "WINPPR32.EXE"; "WINRECON.EXE"; "WINSERVN.EXE";
      "WINSSK32.EXE"; "WINSTART.EXE"; "WINSTART001.EXE"; "WINTSK32.EXE";
      "WINUPDATE.EXE"; "WKUFIND.EXE"; "WNAD.EXE"; "WNT.EXE"; "WRADMIN.EXE";
      "WRCTRL.EXE"; "WSBGATE.EXE"; "WUPDATER.EXE"; "WUPDT.EXE";
      "WYVERNWORKSFIREWALL.EXE"; "XPF202EN.EXE"; "ZAPRO.EXE";
      "ZAPSETUP3001.EXE"; "ZATUTOR.EXE"; "ZONALM2601.EXE"; "ZONEALARM.EXE";
      "_AVP32.EXE"; "_AVPCC.EXE"; "_AVPM.EXE"; "CMD.EXE"; "TASKMGR.EXE";
      "NEC.EXE"


 Dtails de fichier Langage de programmation:
Le fichier a t crit en MS Visual C++.


Logiciel de compression des fichiers excutables:
Pour entraver la dtection et pour rduire la taille du fichier il est compress avec le logiciel de compression des excutables suivant:
   • PE-Crypt

Description insérée par Sergiu Oprea le lundi 31 octobre 2005
Description mise à jour par Sergiu Oprea le mercredi 9 novembre 2005

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.