Virus: WORM/Conficker.Z.17
Date discovered: 17/08/2009
Type: Worm
In the wild: Yes
Reported Infections: Low
Distribution Potential: Medium
Damage Potential: Low to medium
Static file: Yes
File size: 16.0578 Bytes
MD5 checksum: 95AD430ABCA3DA496600F764C120683C
VDF version: 7.01.05.118
IVDF version: 7.01.05.119 - Monday, August 17, 2009

General method of propagation:
   • Local network


Aliases:
   •  Kaspersky: Net-Worm.Win32.Kido.fz
   •  Sophos: Mal/Conficker-A
   •  Eset: Win32/Conficker.AE worm


Platform / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Drops a file

Files:
The following file is created:

%SYSDIR%\%number%.tmp
Furthermore, it is executed once it has been fully created. Further investigation showed that this file is malware, too.



It tries to execute the following file:

Filename:
   • explorer.exe
using the following command line arguments: c:

Network Infection:
In order to ensure its propagation, the malware attempts to connect to other machines as described below.

Injection:
Process name:
   • svchost.exe


Miscellaneous:
Accesses internet resources:


Mutex:
It creates the following Mutex:
   • zjufikhflutftitl

File details:
Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • UPX

Description inserted by Andrei Ilie on Friday, 14 January 2011
Description updated by Andrei Ilie on Tuesday, 18 January 2011
