Name: TR/Buzus.dhxv
Type: Trojan
In the wild: Yes
Reported infections: Low to medium
Distribution potential: Medium
Damage potential: Medium
Static file: Yes
File size: 273.415 Bytes
MD5 checksum: bb1c8ec022fc800dc5a7f4a217c47e2a

General
Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Sophos: Troj/Nyrate-L
   •  Panda: W32/IRCbot.CVD
   •  Eset: Win32/AutoRun.IRCBot.DZ
   •  Bitdefender: Backdoor.Tofsee.Gen


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • It downloads a malicious file
   • It creates malicious files
   • It lowers security settings
   • It modifies the registry
   • It facilitates unauthorized access to the computer

Files
It copies itself to the following locations:
   • \conime.exe
   • %SYSDIR%\wcoredt.exe

It overwrites a file.
%SYSDIR%\drivers\etc\hosts

It deletes the initially executed copy of itself.

The following file is created:

\autorun.inf This is a non-malicious text file with the following content:
   •




It tries to download a file:

The location is the following:
   • http://up.g-youtube.info/net/**********




It tries to execute the following files:

File names:
   • ipconfig /flushdns
   • sc delete K7TSMngr
   • net stop "avast! Antivirus"
   • sc stop "avast! Antivirus"
   • sc config "avast! Antivirus" start= disabled
   • net1 stop "avast! Antivirus"
   • sc delete "avast! Antivirus"
   • net stop AntiVirService
   • sc stop AntiVirService
   • sc config AntiVirService start= disabled
   • net1 stop AntiVirService
   • net stop K7RTScan
   • sc delete AntiVirService
   • net stop PASRV
   • sc stop PASRV
   • net1 stop PASRV
   • sc config PASRV start= disabled
   • sc delete PASRV
   • net stop VSSERV
   • sc stop VSSERV
   • sc config VSSERV start= disabled
   • net1 stop VSSERV
   • sc stop K7RTScan
   • sc delete VSSERV
   • net stop avg8wd
   • sc stop avg8wd
   • sc config avg8wd start= disabled
   • net1 stop avg8wd
   • sc delete avg8wd
   • net stop avg9wd
   • sc stop avg9wd
   • net1 stop avg9wd
   • sc config avg9wd start= disabled
   • sc config K7RTScan start= disabled
   • sc delete avg9wd
   • net stop NOD32krn
   • sc stop NOD32krn
   • net1 stop NOD32krn
   • sc config NOD32krn start= disabled
   • sc delete NOD32krn
   • net stop ekrn
   • sc stop ekrn
   • net1 stop ekrn
   • sc config ekrn start= disabled
   • net1 stop K7RTScan
   • sc delete ekrn
   • net stop McShield
   • sc stop McShield
   • net1 stop McShield
   • sc config McShield start= disabled
   • sc delete McShield
   • net stop OutpostFirewall
   • sc stop OutpostFirewall
   • sc config OutpostFirewall start= disabled
   • sc delete K7RTScan
   • net stop K7TSMngr
   • sc stop K7TSMngr
   • sc config K7TSMngr start= disabled
   • net1 stop K7TSMngr

Registry
The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "conime.exe"="conime.exe"



The following registry keys, including all values and subkeys, are removed:
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   • [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]



It creates the following entries in order to bypass the Windows XP firewall:

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   • "%SYSDIR%\wcoredt.exe"="%SYSDIR%\wcoredt.exe:*:Enabled:LAN Router"



The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\conime.exe]
   • "Debugger"="wcoredt.exe"

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%SYSDIR%\wcoredt.exe"="DisableNXShowUI"

[HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001



The following registry keys are changed:

[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   New value:
   • "Start"=dword:0x00000004

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\SuperHidden]
   New value:
   • "CheckedValue"=dword:0x00000001

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002

Messenger
It spreads via Messenger. The characteristics are described below:

   • MSN Messenger
   • Yahoo Messenger

The URL then refers to a copy of the described malware. If the user downloads and executes this file, the infection process starts again.

Network infection
In order to ensure its propagation, the malware attempts to connect to other machines as described below.

Vulnerability:
It makes use of the following vulnerabilities:
   • MS04-007 (ASN.1 Vulnerability)
   • MS06-040 (Vulnerability in Server Service)


IP address generation:
It creates random IP addresses while keeping the first two octets of its own address. Afterwards it tries to establish a connection with the created addresses.

IRC
To deliver system information and to provide remote access, it connects to the following IRC servers:

Server: ptr.b-y**********.info
Port: 7231
Channel: #ops
Nickname: N|USA|V2B|0|XP|%number%

Server: comt0.d-y**********.info
Port: 6104
Channel: #ops
Nickname: N|USA|V2B|0|XP|%number%

Hosts
The hosts file is modified as explained:

Access to the following URLs is redirected to other destinations:


Process termination
List of processes that are terminated:


File details
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.

Description inserted by Petre Galan on Monday, June 7, 2010
Description updated by Petre Galan on Monday, June 7, 2010
