Nume:Worm/Mytob.BM.5
Descoperit pe data de:11/11/2005
Tip:Vierme
ITW:Da
Numar infectii raportate:Scazut
Potential de raspandire:Mediu
Potential de distrugere:Mediu
Fisier static:Da
Marime:39.936 Bytes
MD5:c2607afceb23d33180e12b3a58f972ae
Versiune VDF:6.33.00.10

 General Metoda de raspandire:
   • Email


Alias:
   •  Kaspersky: Net-Worm.Win32.Mytob.bm
   •  TrendMicro: WORM_MYTOB.GW
   •  Sophos: W32/Mytob-FI
   •  Bitdefender: Win32.Worm.Mytob.BN


Sistem de operare:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows 2000
   • Windows XP


Efecte secundare:
   • Blocheaza accesul la anumite website-uri
   • Utilizeaza propriul motor de email
   • Reduce setarile de securitate
   • Modificari in registri
   • Sustrage informatii

 Fisiere Se copiaza in urmatoarea locatie:
   • %SYSDIR%\expI0rer.exe

 Registrii sistemului Se adauga una din valorile urmatoare pentru fiecare cheie din registri, pentru a porni procesul dupa reboot:

–  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "WINDOWS SYSTEM"="expI0rer.exe"

–  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   • "WINDOWS SYSTEM"="expI0rer.exe"



Urmatoarea cheie din registri este modificata:

Dezactiveaza Windows Firewall:
– HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
   Vechea valoare:
   • "Start"=%setarile utilizatorului%
   Noua valoare:
   • "Start"=dword:00000004

 Email Are un motor SMTP integrat. Va fi facuta o conexiune directa cu serverul destinatar. Iata caracteristicile lui:


De la:
Adrese generate. Va rugam nu presupuneti ca a fost intentia expeditorului sa va trimita acest email. Este posibil ca el sa nu stie ca este infectat sau chiar sa nu aiba sistemul infectat. In plus, este posibil sa primiti email-uri returnate care sa va indice ca sunteti infectat, lucru care poate fi de asemenea fals.


Catre:
– Adrese de email gasite pe sistem.
– Adrese generate


Subiect:
Unul din urmatoarele:
   • Your password has been updated
   • Your password has been successfully updated
   • You have successfully updated your password
   • Your new account password is approved
   • Your Account is Suspended
   • *DETECTED* Online User Violation
   • Your Account is Suspended For Security Reasons
   • Warning Message: Your services near to be closed.
   • Important Notification
   • Members Support
   • Security measures
   • Email Account Suspension
   • Notice of account limitation

In plus, subiectul email-ului ar putea contine litere aleatoare.


Corpul email-ului:
– Contine cod HTML.
Corpul email-ului este unul din textele:

   • Dear user %nume utilizator al adresei destinatarului% ,
     You have successfully updated the password of your %domeniul destinatarului din adresa de email% account.
     If you did not authorize this change or if you need assistance with your account, please contact %s customer service at:%adresa expeditorului%
     Thank you for using %domeniul expeditorului%!
     The %domeniul expeditorului% Support Team
     
     +++ Attachment: No Virus (Clean)
     +++ %domeniul expeditorului% Antivirus - www.%nume domeniu si domeniu top level al adresei expeditorului%

   • Dear user %nume utilizator al adresei destinatarului%,
     It has come to our attention that your %domeniul destinatarului din adresa de email% User Profile ( x ) records are out of date.
     For further details see the attached document.
     Thank you for using %domeniul expeditorului%!
     The %domeniul expeditorului% Support Team
     
     +++ Attachment: No Virus (Clean)
     +++ %domeniul expeditorului% Antivirus - www.%sender's domain name and top level domain from email addr

   • Dear %domeniul destinatarului% Member,
     We have temporarily suspended your email account %adresa destinatarului% .
     This might be due to either of the following reasons:
     1. A recent change in your personal information (i.e. change of address).
     2. Submiting invalid information during the initial sign up process.
     3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
     See the details to reactivate your %domeniul destinatarului% account.
     Sincerely,The %domeniul expeditorului% Support Team
     
     +++ Attachment: No Virus (Clean)
     +++ %domeniul expeditorului% Antivirus - www.%nume domeniu si domeniu top level al adresei expeditorului%

   • Dear %domeniul destinatarului% Member,
     Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with
     the online service.
     If you choose to ignore our request, you leave us no choice but to cancel your membership.
     Virtually yours,
     The %domeniul expeditorului% Support Team
     
     +++ Attachment: No Virus found
     +++ %domeniul expeditorului% Antivirus - www.%nume domeniu si domeniu top level al adresei expeditorului%


Atasament:
Numele fisierelor atasate este alcatuit dupa cum urmeaza:

–  Incepe cu unul din urmatoarele:
   • updated-password
   • email-password
   • new-password
   • password
   • approved-password
   • account-password
   • accepted-password
   • important-details
   • account-details
   • email-details
   • account-info
   • document
   • readme
   • account-report
   • %combinatie de caractere aleatoare%

    Extensia fisierului este una din urmatoarele:
   • .zip

Atasamentul este o copie malware.

 Email Cautare adrese:
Cauta adrese de email in urmatoarele fisiere:
   • txt; htm; sht; jsp; cgi; xml; php; asp; dbx; tbb; adb; html; wab


Genereaza adrese pentru campul expeditorului:
Pentru a genera adrese foloseste urmatoarele texte:
   • admin
   • administrator
   • info
   • mail
   • register
   • service
   • support
   • webmaster

Combina rezultatul cu domeniile din urmatoarea lista sau cu domeniile gasite in fisierele de pe sistem.

Domeniul este unul din urmatoarele:
   • acecomm.com; agilent.com; ais.org; alcatel.fr; attbi.com; bguyton.com;
      broadcom.com; cisco.com; cmg.nl; cnt.com; creath.net; elf.stuba.sk;
      familiehaase.de; globespanvirata.com; gmx.net; guninski.com;
      help.mysearch.com; ibr.cs.tu-bs.de; ieee.org; imar.ro; inet.no;
      inktomi.com; is.aist-nara.ac.jp; lids.org; lucent.com;
      mmilgram.nospammail.net; myrealbox.com; net.utcluj.ro; netilla.com;
      nexthop.com; nokia.com; oberheide.org; ols.es; poss.com; radware.com;
      renfro.org; rose.hp.com; samba.org; siemens.com; swissvoice.net;
      sysinternals.com; testvir.de; tiscali.be; t-online.de; tricom.co.kr;
      ucw.cz; vanderwerff.org; yahoo.com; 163.com; au.padl.com; axis.com;
      blue-cable.de; cc.hut.fi; cisco.com; comverse.com; dooz.org;
      enterasys.com; ferrari.de; gimp.org; gmail.com; holtmann.org;
      hprnd.rose.hp.com; jhcloos.com; lava.net; lucent.com; mac.com;
      med.ge.com; mobilitylab.net; motorola.com; night-ray.com; nokia.com;
      nomadiclab.com; novell.com; pacific.net.au; rarsoft.de; rcpt.to;
      rd.francetelecom.fr; scripty.com; telus.net; testvir.de; wanadoo.fr;
      xs4all.nl; zk3.dec.com; ac.upc.es; alinet.it; ap.univie.ac.at;
      arrisi.com; axis.com; bluearc.com; dcit.cz; dirksteinberg.de;
      dorothy.bmc.com; ericsson.com; erkkila.org; flexiblesoft.com;
      havoq.com; innoventif.com; it.su.se; kiz.uni-ulm.de; lucent.com;
      mail.com; mxtelecom.com; netmarks.co.jp; netsystem.cz; nomadiclab.com;
      nosila.net; polynet.lviv.ua; pro.ro; rd.francetelecom.fr;
      shaftnet.org; siemens.hr; soronlin.org.uk; tesionmail.de; testvir.de;
      thewrittenword.com; tislabs.com; ttd.net; tutopia.com; unit.liu.se;
      w4g.org; wasted.com; webspan.net; weekly.org; accellent-group.com;
      altavista.net; arcor.de; arubanetworks.com; axis.com; bellsouth.net;
      cargill.com; cc.in2p3.fr; cisco.com; cray.com; distributopia.com;
      dorothy.bmc.com; elipsan.com; elsa.de; errno.com; fla.fujitsu.com;
      fvc.com; gmx.net; gtech.com; ibsncentral.com; iki.fi; intersil.com;
      irisa.fr; iskratel.si; iskrauraltel.ru; laposte.net; lucent.com;
      mac.com; mail.com; mediatrix.com; monkey.org; moufrei.de; narwani.org;
      opticalaccess.com; oracle.com; qualcomm.com; seh.de; skulski.com;
      testvir.de; tml.hut.fi; uroam.com; veufort.com; vjet.demon.co.uk;
      wanadoo.fr; waters.co.nz; yahoo.com; 2scale.net; aet.tu-cottbus.de;
      almaw.com; bs2.qnes.nec.co.jp; buysoft.co.kr; cisco.com; comcast.net;
      cosinecom.com; dei.inf.uc3m.es; endace.com; ericsson.com; flash.net;
      frascone.com; gmx.at; hms.se; hsc.fr; icn.siemens.de;
      is.aist-nara.ac.jp; isarnet.de; kame.net; libero.it; mn-logistik.de;
      netapp.com; networld.com; nortelnetworks.com; pobox.com; promus.com;
      quarta.msk.ru; sxb.bsf.alcatel.fr; talarian.com; testvir.de;
      tibco.com; ulticom.com; utstar.com; visualnetworks.com; wanadoo.fr;
      well.com; windows.gui.asm32.elite.coder.com; world.std.com; xbill.org;
      xs4all.nl; yahoo.com; zhwin.ch; aemail4u.com; avm.de; axis.com;
      baynetworks.com; bernd-becker.de; bgnett.no; box43.pl; cablelabs.com;
      cloud.net.au; colomsat.net.co; defsol.se; dpcomputing.com.au;
      fourhorsemen.org; fusemail.com; fz-juelich.de; gentoo.org;
      gf7.so-net.ne.jp; gmx.net; golftalma.fi; hawkins.emu.id.au;
      icon-sult.de; iki.fi; innocent.com; ins.com; ipaccess.com; isurfer.ca;
      it.uu.se; lebanon-online.com.lb; lists.sourceforge.net; logicacmg.com;
      lucent.com; mac.com; ms22.hinet.net; netinst.com; norwoodsystems.com;
      nt.hirschmann.de; pe.net; polettix.it; rarsoft.com; rarsoft.de;
      siemens.com; snmp.com; soft.net.fujitsu.co.jp; ssh.com; st.com;
      st.net.au; sun.com; tahoenetworks.fi; testvir.de; tilab.com;
      tipsybottle.com; users.sourceforge.net; utstar.com; yahoo.com;
      yifan.net; attbi.com; baynetworks.com; cisco.com; cnsonline.net;
      cognicaseusa.com; dorothy.bmc.com; energis-squared.com;
      esperi.demon.co.uk; fieldses.org; fl.net.au; gmx.net; heathens.co.nz;
      iclip.ch; iij.ad.jp; ipaccess.com; juniper.net; lucent.com;
      lyckegaard.dk; memcpy.com; monkey.org; msdirectservices.com;
      netapp.com; nortelnetworks.com; ozemail.com.au; radisys.com; rar.cz;
      rarsoft.com; rarsoft.net; redback.com; roy.org; san.rr.com; sra.co.jp;
      stud.uni-karlsruhe.de; teamon.com; testvir.de; utouto.com; web.de;
      yahoo.com; 2scale.net; arca-technologies.com; bmc.com;
      boogers.sf.ca.us; broadcom.com; cisco.com; colubris.com; di.uminho.pt;
      dorothy.bmc.com; erwinrol.com; eur.3com.com; geeky-boy.com; hush.com;
      icn.siemens.de; inner.net; knowledgebase.com; mrv.com; nokia.com;
      nortelnetworks.com; openreach.com; pcisys.net; poczta.onet.pl;
      quick.cz; rarsoft.net; rd.francetelecom.fr; siemens.com; testvir.de;
      tut.by; typedef.org; wasabisystems.com; web.de; winternals.com;
      witness.com


Genereaza adrese pentru campul destinatarului:
Pentru a genera adrese foloseste urmatoarele texte:
   • john; josh; alex; michael; james; mike; kevin; david; george; sam;
      andrew; jose; leo; maria; jim; brian; serg; mary; ray; tom; peter;
      robert; bob; jane; joe; dan; dave; matt; steve; smith; stan; bill;
      bob; jack; fred; ted; paul; brent; sales; anna; brenda; claudia;
      debby; helen; jerry; jimmy; julie; linda; michael; frank; adam; sandra

Foloseste aceeasi lista de domenii, deja mentionata.


Adrese evitate:
Nu trimite email-uri la adrese care contin unul din urmatoarele siruri de caractere:
   • avp; syma; icrosof; msn.; hotmail; panda; sopho; borlan; inpris;
      example; mydomai; nodomai; ruslis; .gov; gov.; .mil; foo.; Aberkeley;
      unix; math; bsd; mit.e; gnu; fsf.; ibm.com; google; kernel; linux;
      fido; usenet; iana; ietf; rfc-ed; sendmail; arin.; ripe.; isi.e;
      isc.o; secur; acketst; pgp; tanford.e; utgers.ed; mozilla; be_loyal:";
      Aroot; info; samples; postmaster; webmaster; noone; nobody; nothing;
      anyone; someone; your; you; bugs; rating; site; contact; soft;
      somebody; privacy; service; help; not; submit; feste; gold-certs;
      the.bat; page; admin; icrosoft; support; ntivi; unix; bsd; linux;
      listserv; certific; google; accoun; spm; fcnz; www; secur; abuse; .edu


Prefixeaza domeniile adreselor de email:
Pentru a afla IP-ul serverului de mail, poate adauga inaintea domeniului urmatoarele siruri de caractere:
   • mx.
   • mail.
   • smtp.
   • mx1.
   • mxs.
   • mail1.
   • relay.
   • ns.
   • gate.

 IRC Pentru a trimite informatii si pentru a fi controlat se conecteaza la serverul IRC:

Server: gi**********.info
Port: 5190
Canal: #friendzzz
Nick: SHIM-%sir de 6 caractere aleatoare%
Parola: biggie



– Acest malware poate obtine si trimite infomatii cum ar fi:
    • Memorie nealocata
    • Timpul de cand malware-ul a fost lansat in executie
    • Cantitatea de memorie
    • Informatii despre sistemul de operare


– In plus, poate efectua urmatoarele operatii:
    • conectare server IRC
    • deconectare server IRC
    • descarcare fisier
    • executarea unui fisier
    • trimitere email-uri
    • Se actualizeaza singur

 Fisiere host Fisierul

– Accesul la urmatoarele domenii este blocat:
   • www.symantec.com; securityresponse.symantec.com; symantec.com;
      www.sophos.com; sophos.com; www.mcafee.com; mcafee.com;
      liveupdate.symantecliveupdate.com; www.viruslist.com; viruslist.com;
      viruslist.com; f-secure.com; www.f-secure.com; kaspersky.com;
      kaspersky-labs.com; www.avp.com; www.kaspersky.com; avp.com;
      www.networkassociates.com; networkassociates.com; www.ca.com; ca.com;
      mast.mcafee.com; my-etrust.com; www.my-etrust.com;
      download.mcafee.com; dispatch.mcafee.com; secure.nai.com; nai.com;
      www.nai.com; update.symantec.com; updates.symantec.com; us.mcafee.com;
      liveupdate.symantec.com; customer.symantec.com; rads.mcafee.com;
      trendmicro.com; pandasoftware.com; www.pandasoftware.com;
      www.trendmicro.com; www.grisoft.com; www.microsoft.com; microsoft.com;
      www.virustotal.com; virustotal.com; www.amazon.com; www.amazon.co.uk;
      www.amazon.ca; www.amazon.fr; www.paypal.com; paypal.com;
      moneybookers.com; www.moneybookers.com; www.ebay.com; ebay.com




Fisierul hosts modificat va arata astfel:


 Terminarea proceselor Lista cu procesele oprite:
   • _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE; ACKWIN32.EXE; ADAWARE.EXE;
      ADVXDWIN.EXE; AGENTSVR.EXE; AGENTW.EXE; ALERTSVC.EXE; ALEVIR.EXE;
      ALOGSERV.EXE; AMON9X.EXE; ANTI-TROJAN.EXE; ANTIVIRUS.EXE; ANTS.EXE;
      APIMONITOR.EXE; APLICA32.EXE; APVXDWIN.EXE; ARR.EXE; ATCON.EXE;
      ATGUARD.EXE; ATRO55EN.EXE; ATUPDATER.EXE; ATWATCH.EXE; AU.EXE;
      AUPDATE.EXE; AUTODOWN.EXE; AUTO-PROTECT.NAV80TRY.EXE; AUTOTRACE.EXE;
      AUTOUPDATE.EXE; AVCONSOL.EXE; AVE32.EXE; AVGCC32.EXE; AVGCTRL.EXE;
      AVGNT.EXE; AVGSERV.EXE; AVGSERV9.EXE; AVGUARD.EXE; AVGW.EXE;
      AVKPOP.EXE; AVKSERV.EXE; AVKSERVICE.EXE; AVKWCTl9.EXE; AVLTMAIN.EXE;
      AVNT.EXE; AVP.EXE; AVP32.EXE; AVPCC.EXE; AVPDOS32.EXE; AVPM.EXE;
      AVPTC32.EXE; AVPUPD.EXE; AVSCHED32.EXE; AVSYNMGR.EXE; AVWINNT.EXE;
      AVWUPD.EXE; AVWUPD32.EXE; AVWUPSRV.EXE; AVXMONITOR9X.EXE;
      AVXMONITORNT.EXE; AVXQUAR.EXE; BACKWEB.EXE; BARGAINS.EXE;
      BD_PROFESSIONAL.EXE; BEAGLE.EXE; BELT.EXE; BIDEF.EXE; BIDSERVER.EXE;
      BIPCP.EXE; BIPCPEVALSETUP.EXE; BISP.EXE; BLACKD.EXE; BLACKICE.EXE;
      BLSS.EXE; BOOTCONF.EXE; BOOTWARN.EXE; BORG2.EXE; BPC.EXE; BRASIL.EXE;
      BS120.EXE; BUNDLE.EXE; BVT.EXE; CCAPP.EXE; CCEVTMGR.EXE; CCPXYSVC.EXE;
      CDP.EXE; CFD.EXE; CFGWIZ.EXE; CFIADMIN.EXE; CFIAUDIT.EXE; CFINET.EXE;
      CFINET32.EXE; CLAW95CF.EXE; CLEAN.EXE; CLEANER.EXE; CLEANER3.EXE;
      CLEANPC.EXE; CLICK.EXE; CMD.EXE; CMD32.EXE; CMESYS.EXE; CMGRDIAN.EXE;
      CMON016.EXE; CONNECTIONMONITOR.EXE; CPD.EXE; CPF9X206.EXE;
      CPFNT206.EXE; CTRL.EXE; CV.EXE; CWNB181.EXE; CWNTDWMO.EXE;
      DATEMANAGER.EXE; DCOMX.EXE; DEFALERT.EXE; DEFSCANGUI.EXE;
      DEFWATCH.EXE; DEPUTY.EXE; DIVX.EXE; DLLCACHE.EXE; DLLREG.EXE;
      DOORS.EXE; DPF.EXE; DPFSETUP.EXE; DPPS2.EXE; DRWATSON.EXE;
      DRWEB32.EXE; DRWEBUPW.EXE; DSSAGENT.EXE; DVP95.EXE; DVP95_0.EXE;
      ECENGINE.EXE; EFPEADM.EXE; EMSW.EXE; ENT.EXE; ESAFE.EXE; ESCANHNT.EXE;
      ESCANV95.EXE; ESPWATCH.EXE; ETHEREAL.EXE; ETRUSTCIPE.EXE; EVPN.EXE;
      EXANTIVIRUS-CNET.EXE; EXE.AVXW.EXE; EXPERT.EXE; EXPLORE.EXE;
      FAMEH32.EXE; FAST.EXE; FCH32.EXE; FIH32.EXE; FINDVIRU.EXE;
      FIREWALL.EXE; FNRB32.EXE; FPROT.EXE; F-PROT.EXE; F-PROT95.EXE;
      FP-WIN.EXE; FP-WIN_TRIAL.EXE; FRW.EXE; FSAA.EXE; FSAV.EXE; FSAV32.EXE;
      FSAV530STBYB.EXE; FSAV530WTBYB.EXE; FSAV95.EXE; FSGK32.EXE; FSM32.EXE;
      FSMA32.EXE; FSMB32.EXE; F-STOPW.EXE; GATOR.EXE; GBMENU.EXE;
      GBPOLL.EXE; GENERICS.EXE; GMT.EXE; GUARD.EXE; GUARDDOG.EXE;
      HACKTRACERSETUP.EXE; HBINST.EXE; HBSRV.EXE; HOTACTIO.EXE;
      HOTPATCH.EXE; HTLOG.EXE; HTPATCH.EXE; HWPE.EXE; HXDL.EXE; HXIUL.EXE;
      IAMAPP.EXE; IAMSERV.EXE; IAMSTATS.EXE; IBMASN.EXE; IBMAVSP.EXE;
      ICLOADNT.EXE; ICMON.EXE; ICSUPP95.EXE; ICSUPPNT.EXE; IDLE.EXE;
      IEDLL.EXE; IEDRIVER.EXE; IEXPLORER.EXE; IFACE.EXE; IFW2000.EXE;
      INETLNFO.EXE; INFUS.EXE; INFWIN.EXE; INIT.EXE; INTDEL.EXE; INTREN.EXE;
      IOMON98.EXE; ISTSVC.EXE; JAMMER.EXE; JDBGMRG.EXE; JEDI.EXE;
      KAVLITE40ENG.EXE; KAVPERS40ENG.EXE; KAVPF.EXE; KAZZA.EXE;
      KEENVALUE.EXE; KERIO-PF-213-EN-WIN.EXE; KERIO-WRL-421-EN-WIN.EXE;
      KERIO-WRP-421-EN-WIN.EXE; KERNEL32.EXE; KILLPROCESSSETUP161.EXE;
      LAUNCHER.EXE; LDNETMON.EXE; LDPRO.EXE; LDPROMENU.EXE; LDSCAN.EXE;
      LNETINFO.EXE; LOADER.EXE; LOCALNET.EXE; LOCKDOWN.EXE;
      LOCKDOWN2000.EXE; LOOKOUT.EXE; LORDPE.EXE; LSETUP.EXE; LUALL.EXE;
      LUAU.EXE; LUCOMSERVER.EXE; LUINIT.EXE; LUSPT.EXE; MAPISVC32.EXE;
      MCAGENT.EXE; MCMNHDLR.EXE; MCSHIELD.EXE; MCTOOL.EXE; MCUPDATE.EXE;
      MCVSRTE.EXE; MCVSSHLD.EXE; MD.EXE; MFIN32.EXE; MFW2EN.EXE;
      MFWENG3.02D30.EXE; MGAVRTCL.EXE; MGAVRTE.EXE; MGHTML.EXE; MGUI.EXE;
      MINILOG.EXE; MMOD.EXE; MONITOR.EXE; MOOLIVE.EXE; MOSTAT.EXE;
      MPFAGENT.EXE; MPFSERVICE.EXE; MPFTRAY.EXE; MRFLUX.EXE; MSAPP.EXE;
      MSBB.EXE; MSBLAST.EXE; MSCACHE.EXE; MSCCN32.EXE; MSCMAN.EXE;
      MSCONFIG.EXE; MSDM.EXE; MSDOS.EXE; MSIEXEC16.EXE; MSINFO32.EXE;
      MSLAUGH.EXE; MSMGT.EXE; MSMSGRI32.EXE; MSSMMC32.EXE; MSSYS.EXE;
      MSVXD.EXE; MU0311AD.EXE; MWATCH.EXE; N32SCANW.EXE; NAV.EXE;
      NAVAP.NAVAPSVC.EXE; NAVAPSVC.EXE; NAVAPW32.EXE; NAVDX.EXE;
      NAVLU32.EXE; NAVNT.EXE; NAVSTUB.EXE; NAVW32.EXE; NAVWNT.EXE;
      NC2000.EXE; NCINST4.EXE; NDD32.EXE; NEC.EXE; NEOMONITOR.EXE;
      NEOWATCHLOG.EXE; NETARMOR.EXE; NETD32.EXE; NETINFO.EXE; NETMON.EXE;
      NETSCANPRO.EXE; NETSPYHUNTER-1.2.EXE; NETSTAT.EXE; NETUTILS.EXE;
      NISSERV.EXE; NISUM.EXE; NMAIN.EXE; NOD32.EXE; NORMIST.EXE;
      NORTON_INTERNET_SECU_3.0_407.EXE; NOTSTART.EXE;
      NPF40_TW_98_NT_ME_2K.EXE; NPFMESSENGER.EXE; NPROTECT.EXE;
      NPSCHECK.EXE; NPSSVC.EXE; NSCHED32.EXE; NSSYS32.EXE; NSTASK32.EXE;
      NSUPDATE.EXE; NT.EXE; NTRTSCAN.EXE; NTVDM.EXE; NTXconfig.EXE; NUI.EXE;
      NUPGRADE.EXE; NVARCH16.EXE; NVC95.EXE; NVSVC32.EXE; NWINST4.EXE;
      NWSERVICE.EXE; NWTOOL16.EXE; OLLYDBG.EXE; ONSRVR.EXE; OPTIMIZE.EXE;
      OSTRONET.EXE; OTFIX.EXE; OUTPOST.EXE; OUTPOSTINSTALL.EXE;
      OUTPOSTPROINSTALL.EXE; PADMIN.EXE; PANIXK.EXE; PATCH.EXE; PAVCL.EXE;
      PAVPROXY.EXE; PAVSCHED.EXE; PAVW.EXE; PCFWALLICON.EXE;
      PCIP10117_0.EXE; PCSCAN.EXE; PDSETUP.EXE; PERISCOPE.EXE; PERSFW.EXE;
      PERSWF.EXE; PF2.EXE; PFWADMIN.EXE; PGMONITR.EXE; PINGSCAN.EXE;
      PLATIN.EXE; POP3TRAP.EXE; POPROXY.EXE; POPSCAN.EXE; PORTDETECTIVE.EXE;
      PORTMONITOR.EXE; POWERSCAN.EXE; PPINUPDT.EXE; PPTBC.EXE; PPVSTOP.EXE;
      PRIZESURFER.EXE; PRMT.EXE; PRMVR.EXE; PROCDUMP.EXE;
      PROCESSMONITOR.EXE; PROCEXPLORERV1.0.EXE; PROGRAMAUDITOR.EXE;
      PROPORT.EXE; PROTECTX.EXE; PSPF.EXE; PURGE.EXE; QCONSOLE.EXE;
      QSERVER.EXE; RAPAPP.EXE; RAV7.EXE; RAV7WIN.EXE; RAV8WIN32ENG.EXE;
      RAY.EXE; RB32.EXE; RCSYNC.EXE; REALMON.EXE; REGED.EXE; REGEDIT.EXE;
      REGEDT32.EXE; RESCUE.EXE; RESCUE32.EXE; RRGUARD.EXE; RSHELL.EXE;
      RTVSCAN.EXE; RTVSCN95.EXE; RULAUNCH.EXE; RUN32DLL.EXE; RUNDLL.EXE;
      RUNDLL16.EXE; RUXDLL32.EXE; SAFEWEB.EXE; SAHAGENT.EXE; SAVE.EXE;
      SAVENOW.EXE; SBSERV.EXE; SC.EXE; SCAM32.EXE; SCAN32.EXE; SCAN95.EXE;
      SCANPM.EXE; SCRSCAN.EXE; SETUP_FLOWPROTECTOR_US.EXE;
      SETUPVAMEEVAL.EXE; SFC.EXE; SGSSFW32.EXE; SH.EXE; SHELLSPYINSTALL.EXE;
      SHN.EXE; SHOWBEHIND.EXE; SMC.EXE; SMS.EXE; SMSS32.EXE; SOAP.EXE;
      SOFI.EXE; SPERM.EXE; SPF.EXE; SPHINX.EXE; SPOLER.EXE; SPOOLCV.EXE;
      SPOOLSV32.EXE; SPYXX.EXE; SREXE.EXE; SRNG.EXE; SS3EDIT.EXE;
      SSG_4104.EXE; SSGRATE.EXE; ST2.EXE; START.EXE; STCLOADER.EXE;
      SUPFTRL.EXE; SUPPORT.EXE; SUPPORTER5.EXE; SVC.EXE; SVCHOSTC.EXE;
      SVCHOSTS.EXE; SVSHOST.EXE; SWEEP95.EXE;
      SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE; SYMPROXYSVC.EXE; SYMTRAY.EXE;
      SYSEDIT.EXE; SYSTEM.EXE; SYSTEM32.EXE; SYSUPD.EXE; TASKMG.EXE;
      TASKMGR.EXE; TASKMO.EXE; TASKMON.EXE; TAUMON.EXE; TBSCAN.EXE; TC.EXE;
      TCA.EXE; TCM.EXE; TDS2-NT.EXE; TDS-3.EXE; TEEKIDS.EXE; TFAK.EXE;
      TFAK5.EXE; TGBOB.EXE; TITANIN.EXE; TITANINXP.EXE; TRACERT.EXE;
      TRICKLER.EXE; TRJSCAN.EXE; TRJSETUP.EXE; TROJANTRAP3.EXE; TSADBOT.EXE;
      TVMD.EXE; TVTMD.EXE; UNDOBOOT.EXE; UPDAT.EXE; UPDATE.EXE; UPGRAD.EXE;
      UTPOST.EXE; VBCMSERV.EXE; VBCONS.EXE; VBUST.EXE; VBWIN9X.EXE;
      VBWINNTW.EXE; VCSETUP.EXE; VET32.EXE; VET95.EXE; VETTRAY.EXE;
      VFSETUP.EXE; VIR-HELP.EXE; VIRUSMDPERSONALFIREWALL.EXE; VNLAN300.EXE;
      VNPC3000.EXE; VPC32.EXE; VPC42.EXE; VPFW30S.EXE; VPTRAY.EXE;
      VSCAN40.EXE; VSCENU6.02D30.EXE; VSCHED.EXE; VSECOMR.EXE; VSHWIN32.EXE;
      VSISETUP.EXE; VSMAIN.EXE; VSMON.EXE; VSSTAT.EXE; VSWIN9XE.EXE;
      VSWINNTSE.EXE; VSWINPERSE.EXE; W32DSM89.EXE; W9X.EXE; WATCHDOG.EXE;
      WEBDAV.EXE; WEBSCANX.EXE; WEBTRAP.EXE; WFINDV32.EXE;
      WHOSWATCHINGME.EXE; WIMMUN32.EXE; WIN32.EXE; WIN32US.EXE;
      WINACTIVE.EXE; WIN-BUGSFIX.EXE; WINDOW.EXE; WINDOWS.EXE; WININETD.EXE;
      WININIT.EXE; WININITX.EXE; WINLOGIN.EXE; WINMAIN.EXE; WINNET.EXE;
      WINPPR32.EXE; WINRECON.EXE; WINSERVN.EXE; WINSSK32.EXE; WINSTART.EXE;
      WINSTART001.EXE; WINTSK32.EXE; WINUPDATE.EXE; WKUFIND.EXE; WNAD.EXE;
      WNT.EXE; WRADMIN.EXE; WRCTRL.EXE; WSBGATE.EXE; WUPDATER.EXE;
      WUPDT.EXE; WYVERNWORKSFIREWALL.EXE; XPF202EN.EXE; ZAPRO.EXE;
      ZAPSETUP3001.EXE; ZATUTOR.EXE; ZONALM2601.EXE; ZONEALARM.EXE


 Alte informatii Mutex:
Creeaza urmatorul mutex:
   • H-E-L-L-B-O-T-P-O-L-Y-M-O-R-P-H

 Detaliile fisierului Compresia fisierului:
Pentru a ingreuna detectia si a reduce marimea fisierului, este folosit urmatorul program de arhivare:
   • UPX

Description insérée par Irina Boldea le vendredi 11 novembre 2005
Description mise à jour par Andrei Gherman le lundi 30 janvier 2006

Retour . . . .