Descrizione completa

Nome del virus:	TR/Zlob.2.14950
Scoperto:	05/09/2010
Tipo:	Trojan
In circolazione (ITW):	Si
Numero delle infezioni segnalate:	Medio-Basso
Potenziale di propagazione:	Medio
Potenziale di danni:	Medio
File statico:	Si
Dimensione del file:	149.504 Byte
Somma di controllo MD5:	2ee076be49db3a35b26654a78f9bba1e
Versione IVDF:	7.10.11.87 - domenica 5 settembre 2010

Generale Metodi di propagazione:
   • Funzione di esecuzione automatica
   • Rete locale
   • Messenger

Alias:
   • Bitdefender: Backdoor.SDBot.DGGH
   • Panda: W32/Kolabc.BH.worm
   • Eset: Win32/AutoRun.IRCBot.FE

Piattaforme / Sistemi operativi:
   • Windows 2000
   • Windows XP
   • Windows 2003

Effetti secondari:
   • Accesso e controllo del computer da parte di terzi
   • Blocca l'accesso a siti web di sicurezza
   • Duplica file “maligni”

File Si copia alla seguente posizione:
• %unità disco%\~pilhgmufgj.exe

Sovrascrive un file.
– %SYSDIR%\drivers\etc\hosts

Viene creato il seguente file:

– %unità disco%\autorun.inf Questo è un file di testo “non maligno” con il seguente contenuto:
• %codice che avvia malware%

Messenger Si diffonde via Messenger. Le caratteristiche sono descritte sotto:

– Paltalk
– Xfire
– Yahoo Messenger

L'URL si riferisce così a una copia del malware descritto. Se l'utente scarica ed esegue questo file, il processo virale ricomincia di nuovo.

“Infezione” della rete Per assicurarsi la propria propagazione, il malware tenta di connettersi ad altre macchine come descritto qui sotto:

Exploit:
Sfrutta le seguenti vulnerabilità:
– MS04-007 (ASN.1 Vulnerability)
– MS06-040 (Vulnerability in Server Service)

IRC Per inviare informazioni sul sistema e per fornire il controllo remoto, si connette al seguente server IRC:

Server: %server IRC%
Canale: #te3pe3
Nickname: [N00_USA_XP_%numero%]

Host L'host del file viene modificato come spiegato:

– L'accesso ai seguenti domini è effettivamente bloccato:
   • msnfix.changelog.fr
   • www.incodesolutions.com
   • virusinfo.prevx.com
   • download.bleepingcomputer.com
   • www.dazhizhu.cn
   • foro.noticias3d.com
   • www.spybotupdates.com
   • club.myce.com
   • www.k7computing.com
   • softwaresecuritysolutions.com
   • antonbi.web.id
   • igoblog.info
   • www.nabble.com
   • lurker.clamav.net
   • lexikon.ikarus.at
   • research.sunbelt-software.com
   • www.virusdoctor.jp
   • www.elitepvpers.de
   • guru.avg.com
   • downloads.sophos.com
   • share.skype.com
   • myantispyware.com
   • www.computerhilfen.de
   • fgsite.com
   • ca.answers.yahoo.com
   • www.superuser.co.kr
   • ntfaq.co.kr
   • v.dreamwiz.com
   • cit.kookmin.ac.kr
   • forums.whatthetech.com
   • forum.hijackthis.de
   • avg.vo.llnwd.net
   • ftp.drweb.com
   • www.zonealarm.com
   • smadaver.com
   • support.emsisoft.com
   • psychoski.blogspot.com
   • www.corozilla.net
   • www.huaifai.go.th
   • www.mostz.com
   • www.krupunmai.com
   • www.cddchiangmai.net
   • forum.malekal.com
   • tech.pantip.com
   • sapcupgrades.com
   • www.elguruinformatico.com
   • forums.avg.com
   • zastita.com
   • support.kaspersky.com
   • foro.msgpluslive.es
   • www.tongjimba.com
   • www.247fixes.com
   • forum.sysinternals.com
   • forum.telecharger.01net.com
   • sophos.com
   • foros.softonic.com
   • avast-home.uptodown.com
   • dr-web-cureit.softonic.com
   • heavenward.ru
   • forum.smadav.net
   • www.forum.kaspersky.com
   • www.dl4all.com
   • www.freshwap.net
   • www.f-secure.com
   • www.chkrootkit.org
   • diamondcs.com.au
   • www.rootkit.nl
   • www.sysinternals.com
   • z-oleg.com
   • espanol.dir.groups.yahoo.com
   • ftp01net.telechargement.fr
   • modelayu.com
   • vaksin.com
   • bbs.kaspersky.com.cn
   • sf.tapuz.co.il
   • www.downtr.net
   • www.castlecrops.com
   • www.misec.net
   • safecomputing.umn.edu
   • www.antirootkit.com
   • www.greatis.com
   • ar.answers.yahoo.com
   • www.elhacker.org
   • research.pandasecurity.com
   • www.tpu.ro
   • www.pinoyden.com
   • forum.avira.de
   • www.tanya-it.com
   • topsy.com
   • answers.microsoft.com
   • www.rootkit.com
   • www.pctools.com
   • www.pcsupportadvisor.com
   • www.resplendence.com
   • www.personal.psu.edu
   • foro.ethek.com
   • foro.elhacker.net
   • download.zonealarm.com
   • spywarehammer.com
   • www.codelain.com
   • www.thaicert.org
   • wenwen.soso.com
   • social.technet.microsoft.com
   • vil.nail.com
   • search.mcafee.com
   • wwww.mcafee.com
   • download.nai.com
   • wwww.experts-exchange.com
   • www.bakunos.com
   • www.darkclockers.com
   • www2.gmer.net
   • ariefew.com
   • www.emsisoft.com
   • forum.romeonet.ro
   • www.arenajunkies.com
   • zenovy.com
   • www.removeitpro.net
   • www.Merijn.org
   • www.spywareinfo.com
   • www.spybot.info
   • www.viruslist.com
   • www.hijackthis.de
   • ftp.f-secure.com
   • forum.kaspersky.com
   • es.trendmicro-europe.com
   • www.hvaonline.net
   • forum.lowyat.net
   • kb.eset.com
   • www.pcwelt.de
   • bokwer.com
   • www.mypcsafe.com
   • majorgeeks.com
   • www.avp.com
   • www.virustotal.com
   • www.sophos.com
   • linhadefensiva.uol.com.br
   • cmmings.cn
   • www.sergiwa.com
   • www.el-hacker.com
   • dl2.agnitum.com
   • forum.smadav.net
   • images.malwareremoval.com
   • front.prevx.com
   • ad.harrenmedianetwork.com
   • www.avg-antivirus.net
   • www.kaspersky-labs.com
   • www.kaspersky.com
   • www.bleepingcomputer.com
   • www.free.grisoft.com
   • alerta-antivirus.inteco.es
   • greatis.com
   • www.oprekpc.com
   • www.gmer.net
   • forum.kasperskyclub.com
   • computadoras.migold.com
   • technet.microsoft.com
   • securityresponse.symantec.com
   • www.analysis.seclab.tuwien.ac.at
   • www.symantec.com
   • www.kztechs.com
   • ad-aware-se.uptodown.com
   • stdio-labs.blogspot.com
   • forum.lrytas.lt
   • www.decido.de
   • wap.elakiri.com
   • ot-indo.blogspot.com
   • artsoftdesign.com
   • forum.bkav.com.vn
   • liveupdate.symantecliveupdate.com
   • liveupdate.symantec.com
   • customer.symantec.com
   • update.symantec.com
   • www.box.net
   • foro.el-hacker.com
   • acs.pandasoftware.com
   • egavisa.blogspot.com
   • angui123.cn
   • beta.eset.com
   • www.ixtorrent.com
   • forum.programosy.pl
   • www.mcafee.com
   • download.mcafee.com
   • mast.mcafee.com
   • www.tecno-soft.com
   • ladooscuro.es
   • ftp.drweb.com
   • download.microsoft.com
   • www.mypcsafe.com
   • www.blindedbytech.com
   • kaspersky.com
   • sis-admin.blogspot.com
   • www.protecus.de
   • pastebin.com
   • software.informer.com
   • guru0.grisoft.cz
   • guru1.grisoft.cz
   • guru2.grisoft.cz
   • guru3.grisoft.cz
   • download.bleepingcomputer.com
   • it.answers.yahoo.com
   • www.softonic.com
   • www.mycity.rs
   • cairopt.net
   • rootrepeal.googlepages.com
   • www.windowexe.com
   • fineartschance.com
   • webmonster.sapaan.net
   • guru4.grisoft.cz
   • guru5.grisoft.cz
   • www.virusspy.com
   • download.f-secure.com
   • www.malwareremoval.com
   • forums.cnet.com
   • foros.softonic.com
   • www.freedrweb.com
   • www.kaskus.us
   • rootrepeal.psikotick.com
   • thaicert.nectec.or.th
   • rareartonline.com
   • www.computing.net
   • hjt-data.trend-braintree.com
   • www.pantip.com
   • secubox.aldria.com
   • www.forospyware.com
   • www.manuelruvalcaba.com
   • www.zonavirus.com
   • www.leforo.com
   • www.gsmph.com
   • blokvesti.net
   • www.viprasys.org
   • forum.antivir-pe.de
   • www.nhatnghe.com
   • forum.antivirus365.net
   • www.siteadvisor.com
   • blog.threatfire.com
   • www.threatexpert.com
   • blog.hispasec.com
   • www.configurarequipos.com
   • sosvirus.changelog.fr
   • www.psicofxp.com
   • www.gsmph.net
   • www.gyakorikerdesek.hu
   • us.mcafee.com
   • www.malekal.com
   • yourartmuseum.com
   • www.trucoswindows.net
   • mailcenter.rising.com.cn
   • mailcenter.rising.com
   • www.rising.com.cn
   • www.rising.com
   • www.babooforum.com.br
   • www.runscanner.net
   • www.blogschapines.com
   • www.zyzoom.org
   • www.avsoft.ru
   • www.elakiri.com
   • forum.telecharger.01net.com
   • www.com-th.net
   • forum.berloga.net
   • sosvirus.changelog.fr
   • upload.changelog.fr
   • www.raymond.cc
   • changelog.fr
   • www.pcentraide.com
   • atazita.blogspot.com
   • www.thinkpad.cn
   • www.sunbeltsoftware.com
   • cert.inteco.es
   • www.gamexeon.com
   • nod32-antivirus.en.softonic.co
   • www.virus-com.com
   • www.final4ever.com
   • files.filefont.com
   • www.infos-du-net.com
   • www.trendsecure.com
   • forum.hardware.fr
   • www.utilidades-utiles.com
   • blogs.icerocket.com
   • www.spywarefri.dk
   • alfrasha.maktoob.com
   • www.eset.eu
   • quickscan.bitdefender.com
   • www.xmarks.com
   • www.spychecker.com
   • www.geekstogo.com
   • forums.maddoktor2.com
   • www.smokey-services.eu
   • www.clubic.com
   • www.linhadefensiva.org
   • www.rolandovera.com
   • forum.burek.com
   • secure.sophos.com
   • usa.kaspersky.com
   • board.softpedia.com
   • www.pinoytambaygroup.com
   • download.sysinternals.com
   • www.pcguide.com
   • www.thetechguide.com
   • www.ozzu.com
   • www.changedetection.com
   • espanol.groups.yahoo.com
   • www.sunbeltsecurity.com
   • www.quickheal.co.in
   • www.vivalared.com
   • thailand.itmylike.com
   • harrenmedianetwork.com
   • forum.scpgsm.net
   • community.thaiware.com
   • www.avpclub.ddns.info
   • www.offensivecomputing.net
   • www.grisoft.com
   • boardreader.com
   • www.guiadohardware.net
   • www.webroot.com
   • www.thehelper.net
   • www.kaldata.com
   • vil.nai.com
   • www.malwarecrypt.com
   • www.latest-virus.com
   • www.msnvirusremoval.com
   • www.cisrt.org
   • fixmyim.com
   • samroeng.hi5.com
   • foro.elhacker.net
   • www.daboweb.com
   • service1.symantec.com
   • us3.download.comodo.com
   • forum.gsmhosting.com
   • www.computerforum.com
   • forum.avast.com
   • www.ixtorrent.com
   • mx.answers.yahoo.com
   • forums.techguy.org
   • www.incodesolutions.com
   • hijackthis.download3000.com
   • www.cybertechhelp.com
   • www.superdicas.com.br
   • www.51nb.com
   • us4.download.comodo.com
   • www.jbtalks.cc
   • ad13.geekstogo.com
   • forums.eternion-wow.com
   • simplyrudz.blogspot.com
   • downloads.andymanchesta.com
   • andymanchesta.com
   • info.prevx.com
   • aknow.prevx.com
   • www.zonavirus.com
   • securitywonks.net
   • www.yoreparo.com
   • www.spywarecease.com
   • forum.dobreprogramy.pl
   • community.mcafee.com
   • board.protecus.de
   • tech.pantip.com
   • www.lavasoft.com
   • www.virscan.org
   • www.eeload.com
   • down.www.kingsoft.com
   • www.file.net
   • onecare.live.com
   • mvps.org
   • www.laneros.com
   • www.pc1news.com
   • forum.avira.com
   • downloads.novirusthanks.org
   • www.pinoyhackers.com
   • www.superadblocker.com
   • www.housecall.trendmicro.com
   • www.avast.com
   • www.free.avg.com
   • www.onlinescan.avast.com
   • www.ewido.net
   • www.trucoswindows.net
   • www.mozilla-hispano.org
   • www.jackbloodforum.com
   • www.kosandpol.elakiri.com
   • www.thaivisa.com
   • forum.bullguard.com
   • www.futurenow.bitdefender.com
   • www.bitdefender.com
   • www.f-prot.com
   • www.trendsecure.com
   • security.symantec.com
   • oldtimer.geekstogo.com
   • sopiansantosa.blogspot.com
   • www.fileresearchcenter.com
   • www.looktr.com
   • www.zone-it.com
   • somostuyyounnuevodiaoficial.obolog.com
   • www.avira.com
   • www.eset.com
   • free.avg.com
   • www.free-av.com
   • kr.ahnlab.com
   • www.eset.com
   • forospyware.com
   • thejokerx.blogspot.com
   • cairopt.net
   • oolbar.cyberdefender.com
   • golpe.dyndns.org
   • forum.aiutamici.com
   • solit.us
   • bisnismudahsaja.blogspot.com
   • www.2-spyware.com
   • www.antivir.es
   • www.prevx.com
   • www.ikarus.net
   • bbs.s-sos.net
   • www.housecall.trendmicro.com
   • www.superdicas.com.br
   • www.superantispyware.com
   • www.unhackme.com
   • www.askmehelpdesk.com
   • forum.zebulon.fr
   • regfixerror.pctools.revenuewire.net
   • www.forums.majorgeeks.com
   • www.castlecops.com
   • www.virusspy.com
   • andymanchesta.com
   • www.kaspersky.es
   • subs.geekstogo.com
   • www.forospanish.com
   • blog.rnsafe.com
   • www.regrun.com
   • irc.snahosting.net
   • danielorza.net
   • www.pchelpforum.com
   • ftp.pcpitstop.com
   • www.trendmicro.com
   • www.fortinet.com
   • www.safer-networking.org
   • www.fortiguardcenter.com
   • www.dougknox.com
   • www.vsantivirus.com
   • static.commentcamarche.net
   • www.gyakorikerdesek.hu
   • www.fixya.com
   • www.alabamawomen.org
   • www.spywareremovalblog.com
   • www.firewallguide.com
   • www.auditmypc.com
   • www.spywaredb.com
   • www.mxttchina.com
   • www.ziggamza.net
   • www.forospyware.es
   • pogonyuto.forospanish.com
   • spywarefiles.prevx.com
   • k2r.th3kings.net
   • www.betterantivirus.com
   • www.365groups.com
   • trialware.norton.com
   • www.antivirus.comodo.com
   • www.spywareterminator.com
   • www.eradicatespyware.net
   • www.freespywareremoval.info
   • www.personalfirewall.comodo.com
   • wakoopa.com
   • forum.drweb.com
   • bb1.th3kings.net
   • www.commentcamarche.net
   • justfane.blogspot.com
   • foros.3dgames.com.ar
   • www.clamav.net
   • www.antivirus.about.com
   • www.pandasecurity.com
   • www.webphand.com
   • mx.answers.yahoo.com
   • www.securitywonks.net
   • www.messengeradictos.com
   • www.geekpolice.net
   • bub.th3kings.net
   • shield.prevx.com
   • www.eudict.com
   • uk.answers.yahoo.com
   • www.sandboxie.com
   • www.clamwin.com
   • www.cwsandbox.org
   • www.ca.com
   • www.arswp.com
   • es.answers.yahoo.com
   • www.trucoswindows.es
   • www.ipaddresser.com
   • www.abgenis.net
   • www.freefixer.com
   • forums.afterdawn.com
   • forum.torrents.ro
   • whois.domaintools.com
   • www.networkworld.com
   • www.cddchiangmai.net
   • www.threatexpert.com
   • www.norman.com
   • espanol.answers.yahoo.com
   • www.tallemu.com
   • foro.portalhacker.net
   • www.groupwhere.org
   • sniff.runescapetube.com
   • forum.p30world.com
   • poolcoversite.com
   • forum.bullguard.com
   • virscan.org
   • www.viruschief.com
   • scanner.virus.org
   • www.hijackthis.de
   • housecall65.trendmicro.com
   • www.guiadohardware.net
   • forums.whatthetech.com
   • mustlovewine.com
   • www3.malekal.com
   • esetnod32antivirus.blogspot.com
   • thedudesemo.blogspot.com
   • hjt.networktechs.com
   • www.techsupportforum.com
   • www.whatthetech.com
   • www.soccersuck.com
   • www.pcentraide.com
   • comunidad.wilkinsonpc.com.co
   • forum.hocit.com
   • forum.smadav.net
   • fgp.e2doo.com
   • community.thaiware.com
   • irc.evoporn.com
   • www.spamhaus.org
   • forum.piriform.com
   • www.tweaksforgeeks.com
   • www.daniweb.com
   • www.geekstogo.com
   • es.answers.yahoo.com
   • www.techsupportforum.com
   • dnl-eu8.kaspersky-labs.com
   • www.oprekpc.com
   • shv4.ath.cx
   • www.pcworld.com
   • in.answers.yahoo.com
   • www.vupen.com
   • www.pchell.com
   • www.spyany.com
   • forums.techguy.org
   • www.experts-exchange.com
   • www.wikio.es
   • www.pandasecurity.com
   • forums.devshed.com
   • devbuilds.kaspersky-labs.com
   • hana-ahmad.blogspot.com
   • www.linkmania.ro
   • www.trojaner-board.de
   • swandog46.geekstogo.com
   • forum.tweaks.com
   • www.wilderssecurity.com
   • www.techspot.com
   • www.thecomputerpitstop.com
   • es.wasalive.com
   • secunia.com
   • www.killtrojan.net
   • www.ulop.net
   • www.eliters.com
   • sip4.voipkosovasite.com
   • www.ftw.ro
   • anggiawan.web.id
   • ba-k.com
   • www.mcanime.net
   • es.kioskea.net
   • www.taringa.net
   • www.cyberdefender.com
   • www.feedage.com
   • new.taringa.net
   • forum.zazana.com
   • forum.clubedohardware.com.br
   • mks.com.pl
   • www.vietcaravan.us
   • trbotnet.sytes.net
   • community.norton.com
   • positiveroot.wordpress.com
   • www.computing.net
   • discussions.virtualdr.com
   • forum.securitycadets.com
   • www.techimo.com
   • 13iii.com
   • www.dicasweb.com.br
   • www.javacoolsoftware.net
   • cofradia.org
   • wasteland-bg.com
   • www.windowexe.com
   • malekal.com
   • www.carigold.com
   • answers.yahoo.com
   • www.infosecpodcast.com
   • www.usbcleaner.cn
   • www.net-security.org
   • www.bleedingthreats.net
   • acs.pandasoftware.com
   • www.funkytoad.com
   • malwarebytes.org
   • sabithpocker.blogspot.com
   • comprolive.vox.com
   • www.worton.com
   • www.rss-verzeichnis.de
   • www.bloodzone.net
   • www.360safe.cn
   • www.360safe.com
   • bbs.360safe.cn
   • bbs.360safe.com
   • codehard.wordpress.com
   • forum.clubedohardware.com.br
   • antitrick.com
   • www.configurarequipos.com
   • www.jiwang.org
   • anti-virus-software-review.toptenreviews.com
   • forums.malwarebytes.org
   • www.360.cn
   • www.360.com
   • bbs.360safe.cn
   • bbs.360safe.com
   • www.forospyware.es
   • p3dev.taringa.net
   • www.precisesecurity.com
   • dlpe.antivir.com
   • www.jvme.com
   • share.skype.com
   • comprolive.com
   • gotoknow.org
   • www.forofantasiasmiguel.com
   • www.spywaredemon.com
   • baike.360.cn
   • baike.360.com
   • kaba.360.cn
   • kaba.360.com
   • deckard.geekstogo.com
   • www.taringa.net
   • forums.comodo.com
   • www.mvps.org
   • melcy.wordpress.com
   • forum.softpedia.com
   • pcvids.wordpress.com
   • shop.symantecstore.com
   • banes-pages.blogspot.com
   • down.360safe.cn
   • down.360safe.com
   • x.360safe.com
   • dl.360safe.com
   • ftp.drweb.com
   • www.hotshare.net
   • es.wasalive.com
   • free.antivirus.com
   • forum.hocit.com
   • destavision-forum.com
   • inspiresoft.blogspot.com
   • universomanualidades.foroactivo.com
   • updatem.360safe.com
   • updatem.360safe.cn
   • update.360safe.cn
   • update.360safe.com
   • www.utilidades-utiles.com
   • forums.majorgeeks.com
   • www.indowebster.web.id
   • zastita.com
   • www.sz-pet.com
   • foros.abcdatos.com
   • www.elektroda.pl
   • gulaley.blogspot.com
   • bbs.duba.net
   • www.duba.net
   • zhidao.baidu.com
   • hi.baidu.com
   • www.drweb.com.es
   • msncleaner.softonic.com
   • www.javacoolsoftware.com
   • beniono.wordpress.com
   • www.4-gsmteam.com
   • msntubers.freehostia.com
   • store.norton.com
   • social.answers.microsoft.com
   • file.ikaka.com
   • file.ikaka.cn
   • bbs.ikaka.com
   • zhidao.ikaka.com
   • www.eset-la.com
   • download.eset.com
   • software-files.download.com
   • www.faravirusi.com
   • www.winbots.es
   • forum.chip.de
   • www.thailandsusu.com
   • debates.motos.net
   • www.judj.com
   • www.ikaka.com
   • www.ikaka.cn
   • bbs.cfan.com.cn
   • www.cfan.com.cn
   • www.pandasecurity.com
   • es.mcafee.com
   • downloads.malwarebytes.org
   • www.devirusare.com
   • forum.skype.com
   • shitit.net
   • www.webimmune.net
   • forum.swzone.it
   • www.dl4all.com
   • foros.mcanime.net
   • bbs.kafan.cn
   • bbs.kafan.com
   • bbs.kpfans.com
   • bbs.taisha.org
   • www.manuelruvalcaba.com
   • support.f-secure.com
   • bbs.winzheng.com
   • devirusare.com
   • social.microsoft.com
   • www.shitit.net
   • mx.answers.yahoo.com
   • darkzone.in.th
   • www.velocidadmaxima.com
   • alerta-antivirus.inteco.es
   • foros.zonavirus.com
   • alerta-antivirus.red.es
   • www.zonavirus.com
   • www.malwarebytes.org
   • www.commentcamarche.net
   • news.support.veritas.com
   • www.zonealarm.com
   • malwarebytes-anti-malware.softonic.com
   • www.securitystronghold.com
   • www.ewido.net
   • www.infospyware.com
   • www.bitdefender.es
   • housecall.trendmicro.com
   • foros.toxico-pc.com
   • www.identi.es
   • es.kioskea.net
   • virusinfo.info
   • forums.zonealarm.com
   • foro.infiernohacker.com
   • nitroamd.spaces.live.com
   • forums.overclockzone.com
   • www.mypcsafe.com
   • www.hackforums.net
   • www.exterminate-it.com
   • www.bbk-sc.ru
   • id.answers.yahoo.com
   • delimitdesign.com
   • br.answers.yahoo.com
   • edu.arabsgate.com
   • www.securelist.com
   • support.clean-mx.de
   • www.zondron.ro
   • blogger-warning.blogspot.com
   • guru.google.co.th
   • ca.mloovi.com
   • mloovi.com
   • otofc.com
   • hondafc.net
   • www.tutorialepc.ro
   • spyce-girl.blogspot.com
   • www.svcommunity.org
   • www.webuser.co.uk
   • zhangzhishi.com
   • forum.vxheavens.com
   • www.guanakoo.org
   • y-scan.com
   • forum.portfolio.hu
   • br.answers.yahoo.com
   • www.fileinspect.com
   • iboyd.net
   • www.help2go.com
   • www.dotcominfoway.com
   • www.trendmicro.co.jp
   • vienska.com
   • www.tebarnasi.com
   • lowongankarirkerja.info
   • www.pcgilmore.com.ph
   • adriyan.web.id
   • forum.donanimhaber.com
   • www.wardom.org
   • www.beartai.com
   • pchelpforum.ru
   • www.360reports.com
   • www.emsisoft.de
   • www.securitynewsportal.com
   • irc.ekizmedia.com
   • zone.arminboutique.com
   • story.dnsentrymx.com
   • onecare.live.com
   • www.hijackthis.nl

Processi terminati Lista dei processi che vengono terminati:
   • DLLHOSTS.EXE; PREVXCSIFREE.EXE; PREVX.EXE; ATF-CLEANER.EXE; OTM.EXE;
      REGSHOT.EXE; MSMPENG.EXE; MSASCUI.EXE; GUARDXKICKOFF.EXE;
      GUARDXSERVICE.EXE; VIRUSUTILITIES.EXE;
      VBA32-PERSONAL-LATEST-ENGLISH.EXE;
      TrendMicro_TISPro_16.1_1063_x32.EXE; PROCMON.EXE; WITSETUP.EXE;
      AVINSTALL.EXE; K7TS_SETUP.EXE; P08PROMO.EXE; ISSDM_EN_32.EXE;
      VIPRE.EXE; UNLOCKER.EXE; UNLOCKERASSISTANT.EXE; UNLOCKER1.8.7.EXE;
      REGUNLOCKER.EXE; COMPAQ_PROPIETARIO.EXE; ATF-CLEANER.EXE;
      SAFEBOOTKEYREPAIR.EXEOTMOVEIT3.EXEHOSTSXPERT.EXEDAFT.EXE; VIRUS.EXE;
      HIJACK-THIS.EXE; MRT.EXE; MRTSTUB.EXE; WINDOWS-KB890930-V2.2.EXE;
      HJ.EXE; ELISTA.EXE; PENCLEAN.EXE; MBAM-SETUP.EXE; MBAM.EXE; AVZ.EXE;
      JAJA.EXE; OTMOVEIT.EXEMBAM-SETUP.EXE; REGMON.EXE; COMBO-FIX.EXE;
      COMBOFIX.BAT; COMBOFIX.SCR; COMBOFIX.COM; NTVDM.EXE; GUARD.EXE;
      LISTO.EXE; TCPVIEW.EXE; REGEDIT.COM; REGEDIT.SCR; FOLDERCURE.EXE;
      KILLAUTOPLUS.EXE; MYPHOTOKILLER.EXE; REG.EXE; TASKKILL.EXE;
      AUTORUNS.EXE; SRENGPS.EXE; COMBOFIX.EXE; SDFIX.EXE; CATCHME.EXE;
      GMER.EXE; MBR.EXE; CF9409.EXE;
      REGUNLOCKER.EXETSNTEVAL.EXEXP_TASKMGRENAB.EXE; SUPERANTISPYWARE.EXE;
      BOOTSAFE.EXE; SRESTORE.EXE; MSNCLEANER.EXE; BUSCAREG.EXE;
      KAKASETUPV6.EXE; SUPERKILLER.EXE; DUBATOOL_AV_KILLER.EXE;
      DELAYDELFILE.EXE; SEEM.EXE; BC5CA6A.EXE; ROOTALYZER.EXE;
      ROOTKITBUSTER.EXE; HELIOS.EXE; DARKSPY105.EXE; HOOKANLZ.EXE;
      PAVARK.EXE; SRENGLDR.EXE; APORTS.EXE; FPORT.EXE; PORTDETECTIVE.EXE;
      PORTMONITOR.EXE; NETSTAT.EXE; OLLYDBG.EXE; HJTINSTALL.EXE;
      HJTSETUP.EXE; HIJACKTHIS_SFX.EXE; HIJACKTHIS.EXE; HIJACKTHIS_V2.EXE;
      MSNFIX.EXE; PROCEXP.EXE; TASKMAN.EXE; TASKLIST.EXE; TASKMON.EXE;
      PSKILL.EXE; ROOTKITREVEALER.EXE; FSBL.EXE; FSB.EXE; AVGARKT.EXE;
      ROOTKIT_DETECTIVE.EXE; UNHACKME.EXE; HACKMON.EXE; RKD.EXE;
      ROOTKITNO.EXE; REANIMATOR.EXE; HOOKANLZ.EXE; ROOTREPEAL.EXE;
      ICESWORD.EXE; LORDPE.EXE; PG2.EXE; PROCDUMP.EXE; PROCESSMONITOR.EXE;
      SPYBOTSD160.EXE; TEATIMER.EXE; SPYBOTSD.EXE; WIRESHARK.EXE; APM.EXE;
      APT.EXE; ASVIEWER.EXE; CPORTS.EXE; CPROCESS.EXE; DLLCOMPARE.EXE;
      A2HIJACKFREESETUP.EXE; EULALYZERSETUP.EXE; FILEALYZ.EXE; FILEFIND.EXE;
      FIXPATH.EXE; HOSTSFILEREADER.EXE; IEFIX.EXE; AVENGER.EXE;
      INSTALLWATCHPRO25.EXE; KILLBOX.EXE; NETALYZ.EXE; OBJMONSETUP.EXE;
      PGSETUP.EXE; FIXBAGLE.EXE; CUREIT.EXE; PROCMON.EXE;
      PROJECTWHOISINSTALLER.EXE; REGALYZ.EXE; REGCOOL.EXE;
      REGISTRAR_LITE.EXE; REGSCANNER.EXE; REGSHOT.EXE; REGX2.EXE; SPF.EXE;
      SRENGLDR.EXE; STARTDRECK.EXE; SYSANALYZER_SETUP.EXE; UNIEXTRACT.EXE;
      UNLOCKER1.8.7.EXE; RAVP.EXE; MBAM.EXE; USBGUARD.EXE; AVZ.EXE; OTL.EXE;
      CPF.EXE; ZLCLIENT.EXE; 123.COM; 123.EXE

Varie Verifica la presenza di una connessione ad internet contattando i seguenti siti web:
   • http://www.whereismyip.org
   • http://www.whatismyip.org
Accede alle risorse Internet:
   • http://195.137.213.67/net/**********
   • http://s82.epicphotohost.com/net/**********

Dettagli del file Software di compressione:
Per complicarne l'individuazione e ridurre la dimensione del file, viene compresso con un software di compressione.

Descrizione inserita da Petre Galan su venerdì 18 febbraio 2011
Descrizione aggiornata da Petre Galan su venerdì 18 febbraio 2011

Indietro . . . .

Devi aggiustare il tuo PC?

Prodotti in evidenza

Altri prodotti

I prodotti piu conosciuti

Tutti i prodotti

Per utenti privati

Per aziende

Virus Lab

Ulteriore supporto

Diventa un Partner di Avira

Per utenti privati

Per aziende

Desideri provare un prodotto?

Manuali e Strumenti

Prodotti in evidenza

Altri prodotti

I prodotti piu conosciuti

Tutti i prodotti

Per utenti privati

Per aziende

Virus Lab

Ulteriore supporto

Diventa un Partner di Avira

Per utenti privati

Per aziende

Desideri provare un prodotto?

Manuali e Strumenti