Virus: BDS/Androm.AD.2
Date discovered: 19/06/2013
Type: Backdoor Server
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: No
File size: 102400 Bytes
MD5 checksum: 555d0a832260d6ec264f23410d1225a2
VDF version: 7.11.85.142 - Wednesday, June 19, 2013
IVDF version: 7.11.85.142 - Wednesday, June 19, 2013

General Method of propagation:
   • No own spreading routine


Aliases:
   • Sophos: Troj/Agent-ACHG
   • AVG: SHeur4.BKYS
   • Eset: Win32/Injector.AIGO
   • GData: Trojan.GenericKD.1055275
   • DrWeb: Trojan.Winlock.3333


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops a malicious file
   • Registry modification
   • Steals information

Files:
It copies itself to the following location:
   • %TEMPDIR%\%random character string%.pre

It deletes the initially executed copy of itself.

It deletes the following file:
   • %TEMPDIR%\%random character string%.pre

The following file is created:
   • %HOME%\%random character string%\%random character string%.exe

Furthermore, it gets executed after it was fully created. Further investigation pointed out that this file is malware, too.

Registry:
The following registry key is added in order to run the process after reboot:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%HOME%\%random character string%\%random character string%.exe"

Injection:
It injects the following file into processes: ctfmon.exe, explorer.exe

Miscellaneous:
Accesses internet resources:
   • privat-**********-service.com
   • jet**********.com

Description inserted by Wensin Lee on Thursday, 20 June 2013
Description updated by Wensin Lee on Thursday, 20 June 2013
