Virus name: Worm/Kolab.esh.2
Discovered: 12 November 2009
Type: Worm
In the wild (ITW): Yes
Reported infections: Low to medium
Distribution potential: Low to medium
Damage potential: Medium
Static file: Yes
File size: 140,800 bytes
MD5 checksum: 1273c9e8b0ab30604c4d9dd195b86e43
IVDF version: 7.01.06.229 - Thursday, 12 November 2009

General

Method of propagation:
   • Autorun feature


Alias:
   •  Sophos: Troj/IRCbot-AGK
   •  Panda: W32/P2PWorm.HQ
   •  Eset: Win32/AutoRun.IRCBot.DI
   •  Bitdefender: Trojan.Delf.Agent.X


Platforms / Operating systems:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Blocks access to certain websites
   • Blocks access to security websites
   • Drops malicious files
   • Lowers security settings
   • Registry modification
   • Third-party access to and control of the computer

Files

It copies itself to the following locations:
   • %SYSDIR%\wmisprc.exe
   • %drive%\RECDIR-5902\data.sys

It deletes the initially executed copy of itself.

It deletes the following file:
   • %SYSDIR%\drivers\etc\hosts

The following files are created:

%drive%\autorun.inf This is a non-malicious text file with the following content:
   •

%SYSDIR%\drivers\debug32.sys Further investigation showed that this file is also malware. Detected as: Worm/IrcBot.11656.6




It attempts to execute the following files:

Filename:
   • sc config avg8wd start= disabled
   • net stop NOD32krn
   • "%SYSDIR%\wmisprc.exe"
   • CMD /C del /F /S /Q *.com
   • CMD /C sc stop NOD32krn
   • ipconfig /flushdns
   • net1 stop avg8wd
   • sc delete avg8wd
   • sc config NOD32krn start= disabled
   • net stop avg8wd
   • CMD /C net stop NOD32krn
   • CMD /C sc config avg8wd start= disabled
   • sc stop NOD32krn
   • CMD /C sc delete avg8wd
   • CMD /C net stop avg8wd
   • CMD /C sc delete NOD32krn
   • net1 stop NOD32krn
   • sc stop avg8wd
   • CMD /C del /F /S /Q *.zip
   • CMD /C sc config NOD32krn start= disabled
   • CMD /C sc stop avg8wd
   • sc delete NOD32krn
   • CMD /C del /F /S /Q *.scr

Registry

One of the following values is added in order to run the process after reboot:

  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "ctfmon.exe"="ctfmon.exe"



The following registry keys are added:

[HKLM\SOFTWARE\Policies\Microsoft\MRT]
   • "DontReportInfectionInformation"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Security Center]
   • "AntiVirusDisableNotify"=dword:0x00000001
   • "AntiVirusOverride"=dword:0x00000001
   • "FirewallDisableNotify"=dword:0x00000001
   • "FirewallOverride"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\ctfmon.exe]
   • "Debugger"="wmisprc.exe"

[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
   • "DisableConfig"=dword:0x00000001

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
   • "DoNotAllowXPSP2"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\
   Layers]
   • "%SYSDIR%\wmisprc.exe"="DisableNXShowUI"



The following registry keys are changed:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
   New value:
   • "DisableSR"=dword:0x00000001

Various Explorer settings:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
   New value:
   • "Hidden"=dword:0x00000002

[HKLM\SYSTEM\CurrentControlSet\Control]
   New value:
   • "WaitToKillServiceTimeout"="7000"

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]
   New value:
   • "ctfmon.exe"="ctfmon.exe"

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List]
   New value:
   • "%SYSDIR%\wmisprc.exe"="%SYSDIR%\wmisprc.exe:*:Enabled:Windows Live"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\SuperHidden]
   New value:
   • "CheckedValue"=dword:0x00000001

[HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
   New value:
   • "restrictanonymous"=dword:0x00000001

[HKLM\SOFTWARE\Microsoft\Ole]
   New value:
   • "EnableDCOM"="N"

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network]
   New value:
   • "ctfmon.exe"="ctfmon.exe"

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
   FirewallPolicy\DomainProfile\AuthorizedApplications\List]
   New value:
   • "%SYSDIR%\wmisprc.exe"="%SYSDIR%\wmisprc.exe:*:Enabled:Windows Live"

[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]
   New value:
   • "Start"=dword:0x00000004

IRC

To deliver system information and to provide remote control, it connects to the following IRC server:

Server: merlin.fl**********.info
Port: 40931
Channel: #w1sd0m
Nickname: [00|USA|XP|%number%]

Hosts

The hosts file is modified as described:

Access to the following domains is redirected to another destination:


File details

Programming language:
The malware was written in Delphi.

Description inserted by Petre Galan on Thursday, 8 April 2010
Description updated by Petre Galan on Friday, 9 April 2010
