Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Date discovered:20/08/2010
In the wild:Yes
Reported Infections:Low to medium
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:151.552 Bytes
MD5 checksum:eb705dcc0aa25f73d45aca7e48de03e6
VDF version:
IVDF version:

 General Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger

   •  Bitdefender: Worm.Generic.268425
   •  Panda: W32/Slenfbot.AD
   •  Eset: Win32/AutoRun.IRCBot.DZ

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Drops malicious files

 Files It copies itself to the following location:
   • %drive%\apdlgmdi.exe

The following file is created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

 Messenger It is spreading via Messenger. The characteristics are described below:

– Xfire

 Network Infection In order to ensure its propagation the malware attemps to connect to other machines as described below.

It makes use of the following Exploits:
– MS04-007 (ASN.1 Vulnerability)
– MS06-040 (Vulnerability in Server Service)

 Miscellaneous  Checks for an internet connection by contacting the following web site:
Accesses internet resources:

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Description insérée par Petre Galan le mardi 18 janvier 2011
Description mise à jour par Petre Galan le mardi 18 janvier 2011

Retour . . . .