Date discovered: 30/06/2010
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 262.144 Bytes
MD5 checksum: a477ca82726e9998a5914cff90783f57
VDF version:
IVDF version:

General
Method of propagation:
   • No own spreading routine

Aliases:
   •  Symantec: W32.SillyFDC
   •  McAfee: W32/Autorun.worm.bx
   •  Kaspersky: Worm.Win32.AutoRun.bqpq
   •  Sophos: Mal/Emogen-Y

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification
   • Steals information

Files
It copies itself to the following location:
   • %PROGRAM FILES%\Common Files\svchost.exe

The following files are created:

– %tempdir%\xx%number% This is a non-malicious text file with the following content:
   • Retrieved system-specific information.

%PROGRAM FILES%\Common Files\log\%computer name%\%current

Registry
The following registry keys are added:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   • "CheckedValue"="dword:00000001"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   • "UncheckedValue"="dword:00000000"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Userinit"="%SYSDIR%\userinit.exe,%PROGRAM FILES%\Common Files\svchost.exe -s"

Backdoor
Sends information about:
    • CPU speed
    • CPU type
    • Hardware
    • IP address
    • MAC address
    • Information about the network
    • Platform ID
    • System directory
    • System time
    • Windows directory
    • Information about the Windows operating system

Miscellaneous
Trusted file pretending:
Its process pretends to be the following trusted process: svchost.exe

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Andrei Ilie on Wednesday, February 16, 2011
Description updated by Andrei Ilie on Friday, February 18, 2011
