Virus: TR/Dldr.Bagle.NK
Date discovered: 15/04/2008
Type: Trojan
Subtype: Downloader
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 684.032 Bytes
MD5 checksum: 1ad002e1307bc480ee2c111e45fc2498
IVDF version: 7.00.03.170 - Tuesday, April 15, 2008

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Downloader.Win32.Bagle.nk
   •  F-Secure: Trojan-Downloader.Win32.Bagle.nk
   •  Grisoft: I-Worm/Bagle.AKB
   •  Bitdefender: Trojan.Bagle.DV


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Disable security applications
   • Downloads files
   • Lowers security settings
   • Registry modification


Right after execution the following information is displayed:



Files
It copies itself to the following locations:
   • %SYSDIR%\drivers\hldrrr.exe
   • %SYSDIR%\drivers\mdelk.exe



It overwrites a file:
   • %randomly chosen directory%\%unknown%.exe

With the following contents:
   • %executed file%





It tries to download a file:

– The locations are the following:
At the time of writing this file was not online for further investigation.

Registry
The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • %unknown% = %randomly chosen directory%\%unknown%.exe

Process termination
List of processes that are terminated:
   • a2cmd.exe; a2guard.exe; a2HiJackFree.exe; a2scan.exe; a2service.exe;
      a2start.exe; a2upd.exe; a2wizard.exe; aavshield.exe; About.exe;
      AckWin32.exe; ADVCHK.EXE; Agb5.exe; Agb5_.exe; AhnSD.exe;
      airdefense.exe; ALERTSVC.EXE; ALMon.exe; ALOGSERV.EXE; ALsvc.exe;
      ALUNOTIFY.EXE; amon.exe; Anti-Trojan.exe; AntiVirScheduler;
      AntiVirService; AntiVirus.exe; ANTS.EXE; APVXDWIN.EXE; Armor2net.exe;
      ash.exe; ashAvast.exe; ashAvSrv.exe; ashchest.exe; ashDisp.exe;
      ashDug.exe; ashEnhcd.exe; ashLogV.exe; ashMaiSv.exe; ashPopWz.exe;
      ashQuick.exe; ashServ.exe; ashsimp2.exe; ashSimpl.exe; ashSkPcc.exe;
      ashSkPck.exe; ashUpd.exe; ashWebSv.exe; ash_UpdateMediator.exe;
      aswRegSvr.exe; aswUpdSv.exe; ATCON.EXE; ATUPDATER.EXE; ATWATCH.EXE;
      AUPDATE.EXE; AUTODOWN.EXE; AutostartExplorer.exe; AUTOTRACE.EXE;
      AUTOUPDATE.EXE; avadmin.exe; avcenter.exe; avciman.exe; avcmd.exe;
      avconfig.exe; Avconsol.exe; AVENGINE.EXE; avgamsvr.exe; avgcc.exe;
      AVGCC32.EXE; AVGCTRL.EXE; avgdiag.exe; avgemc.exe; avgfwsrv.exe;
      avginet.exe; avgnpdln.exe; avgnpsvc.exe; AVGNT.EXE; avgntdd; avgntmgr;
      avgrssvc.exe; avgscan.exe; AVGSERV.EXE; AVGUARD.EXE; avgupden.exe;
      avgupsvc.exe; avgvv.exe; avgw.exe; avgwizfw.exe; avinitnt.exe;
      AvkServ.exe; AVKService.exe; AVKWCtl.exe; avnotify.exe; AVP.EXE;
      AVP32.EXE; avpcc.exe; avpm.exe; AVPUPD.EXE; avscan.exe; AVSCHED32.EXE;
      avsynmgr.exe; AVWUPD32.EXE; AVWUPSRV.EXE; AVXMONITOR9X.EXE;
      AVXMONITORNT.EXE; AVXQUAR.EXE; BackWeb-4476822.exe; bdagent.exe;
      bdmcon.exe; bdnews.exe; bdoesrv.exe; bdss.exe; bdsubmit.exe;
      bdsubmitwiz.exe; BDSurvey.exe; bdswitch.exe; bdwizreg.exe; blackd.exe;
      blackice.exe; blindman.exe; BTIni.exe; BTIniNT.exe; cafix.exe;
      CavApp.exe; CaVasm.exe; CavAUD.exe; CavEmSrv.exe; Cavmr.exe;
      CavMUD.exe; Cavoar.exe; CavQ.exe; CAVSCons.exe; cavse.exe; CavSn.exe;
      CavSub.exe; CAVSubmit.exe; CavUMAS.exe; CavUserUpd.exe; Cavvl.exe;
      ccApp.exe; ccEvtMgr.exe; ccProxy.exe; ccSetMgr.exe; CEmRep.exe;
      CFIAUDIT.EXE; clamscan.exe; ClamTray.exe; ClamWin.exe; Claw95.exe;
      Claw95cf.exe; cleaner.exe; cleaner3.exe; CliSvc.exe; CMain.exe;
      CMGrdian.exe; copyx64.exe; cpd.exe; cssexc.exe; custinstall.exe;
      custsetup.exe; defensewall.exe; DefWatch.exe; dislite.exe; DOORS.EXE;
      dpatrolq.exe; drvctl.exe; DrVirus.exe; DrvMap.exe; drwadins.exe;
      drweb32w.exe; drweb386.exe; drwebscd.exe; DRWEBUPW.EXE; drwebwcl.exe;
      drwreg.exe; ecmd.exe; egni.exe; ekrn.exe; EMM386.EXE; ESCANH95.EXE;
      ESCANHNT.EXE; ewidoctrl.exe; exit_av.exe;
      EzAntivirusRegistrationCheck.exe; F-AGNT95.EXE; F-PROT95.EXE;
      F-Sched.exe; F-StopW.EXE; FAMEH32.exe; FAST.EXE; FCH32.exe;
      firebird.exe; FireSvc.exe; FireTray.exe; FIREWALL.EXE; FLOPPY.EXE;
      FLOPPY9x.EXE; FLOPPYME.EXE; FPAVServer.exe; fpavupdm.exe;
      FProtTray.exe; fpscan.exe; fptrayproc.exe; FPWin.exe; freshclam.exe;
      FRW.EXE; fsample.exe; fsaua.exe; fsauach.exe; fsav.exe; fsav32.exe;
      fsavaui.exe; fsavgui.exe; fsavstrt.exe; fsavwsch.exe; fsavwscr.exe;
      fsbwsys.exe; fsdbuh.exe; fsdc.exe; fsdfwd.exe; FSDIAG.exe;
      FsDiagUi.exe; fsfwwsch.exe; fsfwwscr.exe; fsgetwab.exe; fsgk32.exe;
      fsgk32st.exe; fsguidll.exe; fsguiexe.exe; FSHDLL32.exe; fshelp.exe;
      FSHOTFIX.exe; fsihcomp.exe; fsihs.exe; FSIMAGE.EXE; FSLAUNCH.exe;
      FSM32.exe; FSMA32.exe; FSMB32.exe; fspc.exe; fspex.exe; fsqh.exe;
      fssf.exe; fssg.exe; fssm32.exe; fsstm.exe; fssw.exe; fstlui.exe;
      fsuninst.exe; fsus.exe; gcasDtServ.exe; gcasServ.exe;
      GIANTAntiSpywareMain.exe; GIANTAntiSpywareUpdater.exe; GUARD.EXE;
      guardgni.exe; GUARDGUI.EXE; GuardNT.exe; helper.exe; hipsdiag.exe;
      HRegMon.exe; Hrres.exe; HSockPE.exe; HUpdate.EXE; iamapp.exe;
      iamserv.exe; ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE; ICSSUPPNT.EXE;
      ICSUPP95.EXE; ICSUPPNT.EXE; IERegFix.exe; IFACE.EXE; ih8.exe;
      ih8run.exe; ILAUNCHR.exe; INETUPD.EXE; InocIT.exe; InoRpc.exe;
      InoRT.exe; InoTask.exe; InoUpTNG.exe; InstallCAVS.exe;
      InstallLicense.exe; InstallLSP.exe; InstLsp.exe; INWISE.EXE;
      IOMON98.EXE; isafe.exe; ISATRAY.EXE; ISPNews.exe; isPwdsvc.exe;
      ISRV95.EXE; ISSVC.exe; isUAC.exe; JEDI.EXE; KAV.exe; kavmm.exe;
      KAVPF.exe; KavPFW.exe; KAVStart.exe; KAVSvc.exe; KAVSvcUI.EXE;
      KMailMon.EXE; KPfwSvc.EXE; KWatch.EXE; licmgr.exe; livesrv.exe;
      LiveUpdate.exe; LOCKDOWN2000.EXE; LogWatNT.exe; lpfw.exe; LUALL.EXE;
      LUCallbackProxy.exe; LUCheck.exe; LUCOMSERVER.EXE;
      LuComServer_3_2.EXE; LuConfig.exe; LUInit.exe; Luupdate.exe;
      MalwareRemoval.exe; MCAGENT.EXE; mcmnhdlr.exe; mcregwiz.exe;
      Mcshield.exe; MCUPDATE.EXE; mcvsshld.exe; MemString.exe; MINILOG.EXE;
      MONITOR.EXE; monlite.exe; MonSysNT.exe; MOOLIVE.EXE; MpEng.exe;
      mpssvc.exe; MSMPSVC.exe; msascui.exe; mva.exe; MVC.exe; myAgtSvc.exe;
      myagttry.exe; navapsvc.exe; NAVAPW32.EXE; NavLu32.exe; NAVStub.exe;
      NAVW32.EXE; Navwnt.exe; NDD32.EXE; NeoWatchLog.exe; NeoWatchTray.exe;
      NetstatViewer.exe; nisoptui.exe; NISSERV; NISUM.EXE; NMAIN.EXE;
      nod32.exe; nod32krn.exe; nod32kui.exe; NORMIST.EXE; NotifyHA.exe;
      notstart.exe; npavtray.exe; NPFMNTOR.EXE; npfmsg.exe; NPROTECT.EXE;
      NSCHED32.EXE; NSMdtr.exe; NssServ.exe; NssTray.exe; ntrtscan.exe;
      NTXconfig.exe; NUPGRADE.EXE; NVC95.EXE; Nvcod.exe; Nvcte.exe;
      Nvcut.exe; NWCDEX.EXE; NWService.exe; oasrv.exe; oaui.exe;
      OfcPfwSvc.exe; olAddin.exe; OnAccessInstaller.exe; osCheck.exe;
      OUTPOST.EXE; PartIn.exe; PartIn9x.exe; partinfo.exe; PartInNT.exe;
      PAV.EXE; PavFires.exe; PavFnSvr.exe; Pavkre.exe; PavProt.exe;
      pavProxy.exe; pavprsrv.exe; pavsrv51.exe; PAVSS.EXE; pccguide.exe;
      PCCIOMON.EXE; pccntmon.exe; PCCPFW.exe; PcCtlCom.exe; PCTAV.exe;
      PERSFW.EXE; pertsk.exe; PERVAC.EXE; PM8Flash.exe; PMagic.exe;
      PMagic9x.exe; PMagicBT.exe; PMagicNT.exe; PNMSRV.EXE; POLUTIL.exe;
      POP3TRAP.EXE; POPROXY.EXE; postinstall.exe; ppfw.exe; PQBOOT.EXE;
      Pqboot32.exe; PQBOOTX.EXE; pqbw.exe; PQLAUNCH.EXE; PQMAGIC.EXE;
      PqPe.exe; pqpe9x.exe; pqpent.exe; preconfig.exe; preupd.exe;
      prevsrv.exe; PrevxSetup.exe; ProcessViewer.exe; psctrls.exe;
      pshost.exe; PsImSvc.exe; PTEDIT.EXE; PTEDIT32.EXE; PTEPIT32.EXE;
      PXAgent.exe; PXConsole.exe; PXL.exe; PXL1.exe; PXReset.exe;
      pxsupport.exe; QHM32.EXE; QHONLINE.EXE; QHONSVC.EXE; QHPF.EXE;
      qhwscsvc.exe; qklez.exe; qrtfix.exe; quaranti.exe; RavMon.exe;
      RavTimer.exe; Realmon.exe; REALMON95.EXE; register.exe; removeit.exe;
      Remover.exe; Rescue.exe; rfwmain.exe; Rtvscan.exe; RTVSCN95.EXE;
      RuLaunch.exe; RunSetup.exe; sarcli.exe; sargui.exe; SAV32CLI.EXE;
      SAVAdminService.exe; SAVMain.exe; savprogress.exe; SAVScan.exe;
      SCAN32.EXE; scanner.exe; ScanningProcess.exe; sched.exe; sdhelp.exe;
      sdinvoker.exe; sdloader.exe; SDTrayApp.exe; seccenter.exe;
      SERVIC~1.EXE; SHSTAT.EXE; sigtool.exe; SiteCli.exe; smc.exe;
      SNDSrvc.exe; SNUTIL.EXE; SPBBCSvc.exe; SPHINX.EXE; spiderml.exe;
      spidernt.exe; Spiderui.exe; sporder.exe; SpybotSD.exe; SPYXX.EXE;
      SS3EDIT.EXE; start_diag.exe; stopsignav.exe; SubmitFiles.exe;
      svcntaux.exe; swAgent.exe; swdoctor.exe; swdsvc.exe; SWNETSUP.EXE;
      SymantecRootInstaller.exe; symlcsvc.exe; SymProxySvc.exe;
      SymSPort.exe; SymWSC.exe; SYNMGR.EXE; Sysinfo.exe; TAUMON.EXE;
      TBMon.exe; TC.EXE; tca.exe; TCM.EXE; TDS-3.EXE; TeaTimer.exe;
      TFAK.EXE; tgsvcstp.exe; THAV.EXE; THGnard.exe; THSM.EXE; Tmas.exe;
      tmlisten.exe; Tmntsrv.exe; TmPfw.exe; tmproxy.exe; tnbutil.exe;
      tracelog.exe; TRJSCAN.EXE; TrojanGuarder.exe; TrojanHunter.exe;
      trtddptr.exe; uiscan.exe; UninstallCAVS.exe; Uninstaller.exe;
      UninstallLSP.exe; unp_test.exe; Up2Date.exe; UPDATE.EXE;
      UpdaterUI.exe; updclient.exe; upgrepl.exe; UPSObMaker.exe; UUpd.exe;
      Vba32ECM.exe; Vba32ifs.exe; vba32ldr.exe; Vba32PP3.exe; VBSNTW.exe;
      vchk.exe; vcrmon.exe; VetTray.exe; viritexp.exe; viritsvc.exe;
      VirusKeeper.exe; VirusNews.exe; VistAux.exe; VisthLic.exe;
      VisthUpd.exe; VPTRAY.EXE; vrfwsvc.exe; VRMONNT.EXE; vrmonsvc.exe;
      vrrw32.exe; VSECOMR.EXE; Vshwin32.exe; vsmon.exe; vsserv.exe;
      VsStat.exe; w9xpopen; WATCHDOG.EXE; Wclose.exe; webfiltr.exe;
      WebProxy.exe; Webscanx.exe; WEBTRAP.EXE; WGFE95.EXE; wil.exe;
      Winaw32.exe; WindowList.exe; winroute.exe; winss.exe; winssnotify.exe;
      WRADMIN.EXE; WRCTRL.EXE; writespid.exe; WRPROG.EXE; wsctool.exe;
      xcommsvr.exe; zatutor.exe; ZAUINST.EXE; zauninst.exe; zlclient.exe;
      zonealarm.exe; _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE


List of services that are disabled:
   • Aavmker4; ABVPN2K; acssrv; ADBLOCK.DLL; ADFirewall; AFWMCL; Ahnlab
      task Scheduler; alerter; AlertManger; AntiVir Service; AntiyFirewall;
      ARP.DLL; aswMon2; aswRdr; aswTdi; aswUpdSv; Ati HotKey Poller; avast!
      Antivirus; avast! Mail Scanner; avast! Web Scanner; AVEService;
      AVExch32Service; AvFlt; Avg7Alrt; Avg7Core; Avg7RsW; Avg7RsXP;
      Avg7UpdSvc; AvgCore; AvgFsh; AVGFwSrv; AvgFwSvr; AvgServ; AvgTdi;
      AVIRAMailService; AVIRAService; AVKProxy; AVKService; AVKWCtl; avpcc;
      AVUPDService; AVWUpSrv; AvxIni; awhost32; backweb client - 4476822;
      BackWeb Client - 7681197; backweb client-4476822; Bdfndisf; bdftdif;
      bdss; BlackICE; BsFileSpy; BsFirewall; BsMailProxy; CAISafe; ccEvtMgr;
      ccPwdSvc; ccSetMgr; ccSetMgr.exe; CONTENT.DLL; DefWatch; DNSCACHE.DLL;
      drwebnet; dvpapi; dvpinit; ewido security suite control; ewido
      security suite driver; ewido security suite guard; F-Prot Antivirus
      Update Monitor; F-Secure Gatekeeper Handler Starter; firewall; FSAUA;
      fsbwsys; FSDFWD; FSFW; FSMA; FTPFILT.DLL; FwcAgent; fwdrv; Guard NT;
      HSnSFW; HSnSPro; HTMLFILT.DLL; HTTPFILT.DLL; IMAPFILT.DLL; InoRPC;
      InoRT; InoTask; Ip6Fw; Ip6FwHlp; KAVMonitorService; KAVSvc; KLBLMain;
      KPfwSvc; KWatch3; KWatchSvc; MAILFILT.DLL; McAfee Firewall;
      McAfeeFramework; McShield; McTaskManager; mcupdmgr.exe; MCVSRte;
      Microsoft NetWork FireWall Services; MonSvcNT; MpfService; MpsSvc;
      navapsvc; Ndisuio; NDIS_RD; Network Associates Log Service; nipsvc;
      NISSERV; NISUM; NNTPFILT.DLL; NOD32ControlCenter; NOD32krn;
      NOD32Service; Norman NJeeves; Norman Type-R; Norman ZANDA; Norton
      AntiVirus Server; NPDriver; NPFMntor; NProtectService; NSCTOP; nvcoas;
      NVCScheduler; nwclntc; nwclntd; nwclnte; nwclntf; nwclntg; nwclnth;
      NWService; OfcPfwSvc; Outbreak Manager; Outpost Firewall;
      OutpostFirewall; PASSRV; PAVAGENTE; PavAtScheduler; PAVDRV; PAVFIRES;
      PAVFNSVR; Pavkre; PavProc; PavProt; PavPrSrv; PavReport; PAVSRV;
      PCCPFW; PCC_PFW; PersFW; Personal Firewall; POP3FILT.DLL; PREVSRV;
      PSIMSVC; qhwscsvc; Quick Heal Online Protection; ravmon8; RfwService;
      SAVFMSE; SAVScan; SBService; schscnt; SECRET.DLL; SharedAccess;
      SmcService; SNDSrvc; SPBBCSvc; SpiderNT; SweepNet; SWEEPSRV.SYS;
      Symantec AntiVirus Client; Symantec Core LC; The_Hacker_Antivirus;
      Tmntsrv; TmPfw; tmproxy; tmtdi; tm_cfw; T_H_S_M; V3MonNT; V3MonSvc;
      Vba32ECM; Vba32ifs; Vba32Ldr; Vba32PP3; VBCompManService;
      VexiraAntivirus; VFILT; VisNetic AntiVirus Plug-in; vrfwsvc; vsmon;
      VSSERV; WinAntivirus; WinDefend; WinRoute; wscsvc; wuauserv; xcomm

Miscellaneous
Anti debugging
It checks if one of the following programs is running:
   • SoftIce
   • FileMon
   • RegMon
   • ProcMon
   • Process Explorer
   • DeepFreeze

If it was successful it displays the following and terminates immediately:


File details
Runtime packer:
To make detection more difficult and reduce the size of the file, it is packed with the following runtime packer:
   • Themida

Description inserted by Andrei Gherman on Thursday, July 31, 2008
Description updated by Andrei Gherman on Thursday, July 31, 2008
