Date discovered: 22/06/2010
In the wild: Yes
Reported Infections: Low
Distribution Potential: Medium
Damage Potential: Low to medium
Static file: Yes
File size: 126.976 Bytes
MD5 checksum: 31c7f905e045a088a3a52eecb057f87d
VDF version:

General
Methods of propagation:
   • Email
   • Peer to Peer

Aliases:
   •  McAfee: W32/Palevo
   •  Kaspersky: P2P-Worm.Win32.Palevo.amzc
   •  Bitdefender: Trojan.Generic.KD.16644
   •  Microsoft: Trojan:Win32/Malagent
   •  Eset: Win32/SpamTool.Tedroo.AN

Platforms / OS:
   • Windows 2000
   • Windows XP

Files
It copies itself to the following location:
   • %systemdir%\msvmiode.exe

Registry
The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "MSODESNV7"="%SYSDIR%\msvmiode.exe"

The following registry key is added:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup]
   • "ridt100413"="1"
   • "id"="52270412984101212438367851066542"
   • "host"="91.212.1**.**7"

Mailing
MX Server:
It has the ability to contact one of the following MX servers:

Backdoor
Contact server:
The following:
   • update2.helo****.com

Description inserted by Mihai Dilimot on Thursday, 12 August 2010
Description updated by Mihai Dilimot on Thursday, 12 August 2010
