Date discovered: 12/04/2013
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
VDF version: - Friday, April 12, 2013
IVDF version: - Friday, April 12, 2013

 General

Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: Trojan.Gen.2
   • Mcafee: Artemis!422C295E1450
   • Kaspersky: Trojan.Win32.Yakes.cowi
   • TrendMicro: TROJ_MATSNU.JYA
   • F-Secure: Trojan.GenericKD.938208
   • Sophos: Troj/Yakes-W
   • Bitdefender: Trojan.GenericKD.938208
   • Microsoft: Trojan:Win32/Matsnu
   • Panda: Suspicious file
   • Eset: Win32/Trustezeb.C
   • GData: Trojan.GenericKD.938208
   • Ikarus: Trojan.Yakes
   • Norman: Suspicious_Gen4.DMIYP

Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Can be used to execute malicious code
   • Can be used by rogue users or malware to lower security settings
   • Drops a malicious file

 Files

It copies itself to the following locations:
   • %TEMPDIR%\ypdtdzkglm.pre
   • %HOME%\Application Data\Kwkcz\rrisptnyy.exe

 Registry

The following registry key is added in order to run the process after reboot:

   • "yrtytnyy"="%HOME%\\Application Data\\Kwkcz\\rrisptnyy.exe"

The following registry keys are added:

[HKLM\SYSTEM\ControlSet001\Control\Session Manager]
   • "PendingFileRenameOperations"="\??\%TEMPDIR%\ypdtdzkglm.pre;"

   Internet Settings]
   • "ProxyEnable"=dword:00000000

 Backdoor

Contact server:
One of the following:
   • g**********
   • s**********
   • http://n**********
   • http://n**********

Description inserted by Elias Lan on Saturday, April 13, 2013
Description updated by Elias Lan on Saturday, April 13, 2013
