Name: TR/BHO.D.4
Discovered on: 21/09/2006
Type: Trojan
In the wild (ITW): No
Number of reported infections: Low
Spreading potential: Low
Damage potential: Low to medium
Static file: Yes
Size: 65,536 bytes
MD5: 9b1006feb6938a6924af7f2c6fcbee1d
VDF version: 6.36.00.45
IVDF version: 6.36.00.56 - Monday 25 September 2006

General

Aliases:
• Symantec: Trojan.Nethell
• McAfee: Nethell
• Kaspersky: Trojan.Win32.BHO.d
• Sophos: Troj/Nethell-E
• VirusBuster: trojan Trojan.BHO.AJ
• BitDefender: Trojan.Nethell.E

Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP

Side effects:
• Blocks access to certain websites
• Creates a file
• Modifies the registry
• Steals information

Files

The following file is created:
– Harmless file:
• %SYSDIR%\acss.txt

System registry

The following keys are added to the system registry (the trojan registers itself as a COM class and type library, which is how a Browser Helper Object is loaded by Internet Explorer):
– HKCR\NetHelper.Hook.1
• "(Default)"="Hook Class"
– HKCR\NetHelper.Hook.1\CLSID
• "(Default)"="{1593C741-C011-46FE-99FC-3805C28328BA}"
– HKCR\NetHelper.Hook
• "(Default)"="Hook Class"
– HKCR\NetHelper.Hook\CLSID
• "(Default)"="{1593C741-C011-46FE-99FC-3805C28328BA}"
– HKCR\NetHelper.Hook\CurVer
• "(Default)"="NetHelper.Hook.1"
– HKCR\CLSID\{1593C741-C011-46FE-99FC-3805C28328BA}
• "(Default)"="Hook Class"
– HKCR\CLSID\{1593C741-C011-46FE-99FC-3805C28328BA}\InprocServer32
• "(Default)"="%executed file%"
• "ThreadingModel"="Apartment"
– HKCR\CLSID\{1593C741-C011-46FE-99FC-3805C28328BA}\ProgID
• "(Default)"="NetHelper.Hook.1"
– HKCR\CLSID\{1593C741-C011-46FE-99FC-3805C28328BA}\TypeLib
• "(Default)"="{0324D9F1-2199-4424-98C7-A0E8CC45743B}"
– HKCR\CLSID\{1593C741-C011-46FE-99FC-3805C28328BA}\VersionIndependentProgID
• "(Default)"="NetHelper.Hook"
– HKCR\TypeLib\{0324D9F1-2199-4424-98C7-A0E8CC45743B}\1.0
• "(Default)"="NetHelper 1.0 Type Library"
– HKCR\TypeLib\{0324D9F1-2199-4424-98C7-A0E8CC45743B}\1.0\0\win32
• "(Default)"="%executed file%"
– HKCR\TypeLib\{0324D9F1-2199-4424-98C7-A0E8CC45743B}\1.0\FLAGS
• "(Default)"="0"
– HKCR\TypeLib\{0324D9F1-2199-4424-98C7-A0E8CC45743B}\1.0\HELPDIR
• "(Default)"="%current directory%"
– HKCR\Interface\{54DCBD5A-3FDC-490F-B9AE-5B9DBAA39BEC}
• "(Default)"="IHook"
– HKCR\Interface\{54DCBD5A-3FDC-490F-B9AE-5B9DBAA39BEC}\ProxyStubClsid
• "(Default)"="{00020424-0000-0000-C000-000000000046}"
– HKCR\Interface\{54DCBD5A-3FDC-490F-B9AE-5B9DBAA39BEC}\ProxyStubClsid32
• "(Default)"="{00020424-0000-0000-C000-000000000046}"
– HKCR\Interface\{54DCBD5A-3FDC-490F-B9AE-5B9DBAA39BEC}\TypeLib
• "(Default)"="{0324D9F1-2199-4424-98C7-A0E8CC45743B}"
• "Version"="1.0"
– HKCU\Software\Nethelper
• "LastTime"=%hex values%

Information theft

It tries to obtain the following information:
– Email account details, read from the registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts
– It captures:
• Internet traffic

File details

Programming language: C (compiled with Microsoft Visual C++).
File compression: To hamper detection and reduce the file size, a runtime packer is used.
Description added by Bogdan Iliuta on Wednesday 27 September 2006. Description updated by Andrei Ivanes on Friday 20 October 2006.