Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Virus:TR/Agent.40960.177
Date discovered:09/08/2010
Type:Trojan
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:40.960 Bytes
MD5 checksum:aea8d7c82c5f432a005c80a9ede32029
IVDF version:7.10.10.125 - Monday, August 9, 2010

 General Aliases:
   •  Kaspersky: Trojan.Win32.Siscos.acx
   •  F-Secure: Trojan.Win32.Siscos.acx
   •  Sophos: Troj/Siscos-A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification
   • Steals information

 Files It copies itself to the following location:
   • %WINDIR%\services.exe

 Registry –  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Adobe Update Service"="%WINDIR%\services.exe"

 Messenger It is spreading via Messenger. The characteristics are described below:

– Windows Live Messenger

 IRC – Furthermore it has the ability to perform the following action:
    • connect to IRC server

 Backdoor Contact server:
The following:
   • zk.imageshak.biz:4507


 Miscellaneous  Checks for an internet connection by contacting the following web site:
   • http://cachefly.cachefly.net/1mb.test

 File details Programming language:
The malware program was written in MS Visual C++.

Descrizione inserita da Irina Diaconescu su giovedì 28 ottobre 2010
Descrizione aggiornata da Irina Diaconescu su mercoledì 3 novembre 2010

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.