Virus: BDS/MSIL.Pontoeb.G.106
Date discovered: 23/09/2012
Type: Backdoor Server
In the wild: No
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low
File size: 18.944 Bytes
MD5 checksum: 0A800A054ebbd515013de453fc3f501f
VDF version: 7.11.43.234 - Sunday, September 23, 2012
IVDF version: 7.11.43.234 - Sunday, September 23, 2012

General Method of propagation:
   • No own spreading routine


Aliases:
   • Bitdefender: Trojan.Generic.8966001
   • AVG: BackDoor.Generic16.CNMF
   • Eset: a variant of MSIL/IRCBot.AS trojan
   • Norman: W32/Troj_Generic.KHHOV


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008


Side effects:
   • Registry modification

Files
It copies itself to the following location:
   • C:\winsrvc86.exe

Registry
To each registry key one of the values is added in order to run the processes after reboot:

  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "winsrvc86"="\\winsrvc86.exe"

  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "winsrvc86"="\\winsrvc86.exe"



The following registry keys are added:

[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control]
   • "ActiveService"="TapiSrv"

[HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control]
   • "ActiveService"="RasMan"

[HKLM\SECURITY\Policy\Secrets\SAI]
   • @=hex:98,91,2c,47,d1,d1,cc,01

[HKLM\SECURITY\Policy\Secrets\SAC]
   • @=hex:f2,f3,2e,47,d1,d1,cc,01

Miscellaneous
Checks for an internet connection by contacting the following web site:
   • 231.231.1**********.188

File details
Programming language:
The malware program was written in MS Visual C#.

Description submitted by Wensin Lee on Thursday, 18 April 2013
Description updated by Wensin Lee on Thursday, 18 April 2013
