Nume:TR/Dldr.FraudLoa.NC
Descoperit pe data de:01/08/2008
Tip:Troian
ITW:Da
Numar infectii raportate:Mediu
Potential de raspandire:Scazut
Potential de distrugere:Scazut
Fisier static:Nu
Versiune IVDF:7.00.05.203 - vendredi 1 août 2008

 General Metoda de raspandire:
   • Nu are rutina proprie de raspandire


Alias:
   •  Symantec: XPAntivirus
   •  Mcafee: FakeAlert-AQ trojan
   •  Kaspersky: not-a-virus:FraudTool.Win32.MalwareProtector.r
   •  F-Secure: not-a-virus:FraudTool.Win32.MalwareProtector.r
   •  Panda: Application/AntivirusXP2008
   •  Eset: Win32/TrojanDownloader.FakeAlert.FK trojan
   •  Bitdefender: Trojan.FakeAlert.AAP


Sistem de operare:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Efecte secundare:
   • Blocheaza accesul la anumite website-uri
   • Creeaza un fisier

 Fisiere Este creat fisierul:

– %TEMPDIR%\adpg.bat Fisierul este executat dupa ce a fost creat. Fisierul batch este folosit pentru stergerea unui fisier.

 Fisiere host – Accesul la urmatoarele domenii este redirectionat catre alte destinatii:
   • mac.com; nytimes.com; download.com; gamespot.com; partypoker.com;
      mediafire.com; geocities.com; megaupload.com; about.com;
      deviantart.com; yourfilehost.com; 56.com; apple.com; adobe.com;
      imagevenue.com; livejournal.com; mininova.com; redtube.com;
      craigslist.com; tinyurl.com; go.com; adultfriendfinder.com;
      skyrock.com; friendster.com; flickr.com; wordpress.com; youporn.com;
      imdb.com; amazon.com; photobucket.com; aol.com; hi5.com; ebay.com;
      rapidshare.com; orkut.com; blogger.com; facebook.com; wikipedia.org;
      microsoft.com; myspace.com; msn.com; live.com; yahoo.com; google.com


 Detaliile fisierului Limbaj de programare:
 Limbaj de programare folosit: C (compilat cu Microsoft Visual C++).

Description insérée par Thomas Wegele le mercredi 27 août 2008
Description mise à jour par Thomas Wegele le mercredi 27 août 2008

Retour . . . .