Name: TR/Kebede.F
Discovered on: 29/06/2005
Type: Trojan
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: High
Static file: Yes
File size: 12.304 Bytes
MD5: d8b6aa4bf9ae89ca1eff5d86c4f45905
VDF version: 6.31.00.122

General

Method of propagation:
• No own spreading routine

Aliases:
• TrendMicro: TROJ_KEDEBE.E
• Bitdefender: Trojan.Vb.ZX

Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003

Side effects:
• Blocks access to certain websites
• Lowers security settings

Files

Deletes files that contain any of a fixed list of text strings.

Hosts file

The file:
– In this case, the existing entries are deleted.
– Access to a list of domains is blocked.

Process termination

Processes that contain any of a fixed list of character strings are terminated.

Other information

Mutex:
Creates the following mutex:
• DroppedKebede

File details

Programming language:
The programming language used is Visual Basic.

File compression:
To make detection harder and to reduce the file size, the following packer is used:
• UPX

Description inserted by Irina Boldea on Tuesday, 28 March 2006
Description updated by Irina Boldea on Tuesday, 28 March 2006