Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Date discovered:23/09/2012
Type:Backdoor Server
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Low
Damage Potential:Low
File size:18.944 Bytes
MD5 checksum:0A800A054ebbd515013de453fc3f501f
VDF version: - Sunday, September 23, 2012
IVDF version: - Sunday, September 23, 2012

 General Method of propagation:
   • No own spreading routine

   •  Bitdefender: Trojan.Generic.8966001
     AVG: BackDoor.Generic16.CNMF
   •  Eset: a variant of MSIL/IRCBot.AS trojan
     Norman: W32/Troj_Generic.KHHOV

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008

Side effects:
   • Registry modification

 Files It copies itself to the following location:
   • C:\winsrvc86.exe

 Registry To each registry key one of the values is added in order to run the processes after reboot:

   • "winsrvc86"="\\winsrvc86.exe"

   • "winsrvc86"="\\winsrvc86.exe"

The following registry keys are added:

   • "ActiveService"="TapiSrv"

   • "ActiveService"="RasMan"

   • @=hex:98,91,2c,47,d1,d1,cc,01

   • @=hex:f2,f3,2e,47,d1,d1,cc,01

 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • 231.231.1**********.188

 File details Programming language:
The malware program was written in MS Visual C#.

Descrizione inserita da Wensin Lee su giovedì 18 aprile 2013
Descrizione aggiornata da Wensin Lee su giovedì 18 aprile 2013

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.