Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Virus:TR/Buzus.IP
Date discovered:02/12/2012
Type:Trojan
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Medium
Damage Potential:Medium
File size:521130 Bytes
MD5 checksum:fbb96a10395aa29fc67bcacc150ea17d
VDF version:7.11.52.52 - Sunday, December 2, 2012
IVDF version:7.11.52.52 - Sunday, December 2, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Eset: Win32/VB.OFT worm
     Norman: W32/Troj_Generic.FSWRM


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
   • Registry modification

 Files The following file is created:

Non malicious file:
   • %TEMP%\VHKIXVWH.data

 Registry To each registry key one of the values is added in order to run the processes after reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Sample"="c:\sample.exe"

  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Sample"="c:\sample.exe"

 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • http://tool**********.fred.to/check.php?q=GTFKW&TS=0&i=


Event handler:
It creates the following Event handlers:
   • getprotobynumber
   • getprotobyname
   • tmrSendRequest
   • getservbyport
   • getservbyname
   • gethostbyname
   • RemoteHostIP
   • SentMessages
   • getpeername
   • getsockname
   • gethostname
   • modSpreader


String:
Furthermore it contains the following strings:
   • Returns/Sets the port used on the local computer
   • Success: Set chrome startpage to
   • Returns/Sets the socket protocol
   • fb-msgspread with saved session
   • Connect to the remote computer
   • browser.startup.homepage
   • fb-wallspread with
   • CSocket.GetData
   • CSocket.Connect
   • CSocket.Accept
   • CSocket.Listen
   • cmd /k start
   • findpassword
   • WINVERSION%
   • BOTVERSION%
   • RANDSTR%
   • RANDNUM%
   • BOTIDNO%
   • LOCKEY%
   • BOTDIR%

Descrizione inserita da Wensin Lee su lunedì 3 dicembre 2012
Descrizione aggiornata da Wensin Lee su lunedì 3 dicembre 2012

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.