Date discovered: 30/06/2010
In the wild: Yes
Reported infections: Low
Distribution potential: Low to medium
Damage potential: Low to medium
Static file: Yes
File size: 262.144 Bytes
MD5 checksum: a477ca82726e9998a5914cff90783f57
VDF version:
IVDF version:

General
Method of propagation:
   • No own spreading routine

Aliases:
   • Symantec: W32.SillyFDC
   • Mcafee: W32/Autorun.worm.bx
   • Kaspersky: Worm.Win32.AutoRun.bqpq
   • Sophos: Mal/Emogen-Y

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification
   • Steals information

Files
It copies itself to the following location:
   • %PROGRAM FILES%\Common Files\svchost.exe

The following files are created:

– %tempdir%\xx%number% This is a non-malicious text file with the following content:
   • Retrieved system-specific information.

– %PROGRAM FILES%\Common Files\log\%computer name%\%current time%.cab.bak
– %WINDIR%\log\%current time%.cab

Registry
The following registry keys are added:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   • "CheckedValue"="dword:00000001"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   • "UncheckedValue"="dword:00000000"

– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Userinit"="%SYSDIR%\userinit.exe,%PROGRAM FILES%\Common Files\svchost.exe -s"
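The Userinit value above is the persistence point, and the dropped file borrows the trusted name svchost.exe (see "Trusted file pretending" below). As an added triage example, not Avira's own tooling, the following Python splits a Winlogon\Userinit value the way Windows does (comma-separated, arguments allowed) and flags every entry that is not the legitimate userinit.exe in the system directory, calling out an svchost.exe outside that directory specifically; the environment values and registry strings are constructed from the placeholders used in this description, and the MD5 is the one listed above.

```python
import hashlib
import ntpath
import re

# Indicator from the description above: the sample's MD5.
KNOWN_MD5 = "a477ca82726e9998a5914cff90783f57"

# Constructed sample values, using the placeholders as written in the description.
ENV = {"SYSDIR": r"C:\Windows\System32", "PROGRAM FILES": r"C:\Program Files"}
CLEAN_USERINIT = r"%SYSDIR%\userinit.exe,"  # Windows default, trailing comma included
INFECTED_USERINIT = r"%SYSDIR%\userinit.exe,%PROGRAM FILES%\Common Files\svchost.exe -s"


def expand_vars(path: str, env: dict) -> str:
    """Expand %NAME% placeholders (as used in the description) from `env`."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def parse_userinit(value: str) -> list:
    """Split a Winlogon\\Userinit value into its comma-separated entries."""
    return [e.strip() for e in value.split(",") if e.strip()]


def suspicious_userinit_entries(value: str, env: dict) -> list:
    """Return (exe_path, reason) for every Userinit entry that is not the
    legitimate userinit.exe in the system directory.

    Entries may carry arguments ("... svchost.exe -s") and paths may contain
    spaces, so the executable is taken as everything up to the first ".exe".
    """
    sysdir = env["SYSDIR"].lower().rstrip("\\")
    findings = []
    for entry in parse_userinit(value):
        expanded = expand_vars(entry, env)
        m = re.match(r"(.*?\.exe)(\s|$)", expanded, re.IGNORECASE)
        exe = m.group(1) if m else expanded
        folder = ntpath.dirname(exe).lower()
        name = ntpath.basename(exe).lower()
        if folder == sysdir and name == "userinit.exe":
            continue  # the one entry that belongs here
        if name == "svchost.exe" and folder != sysdir:
            findings.append((exe, "svchost.exe outside the system directory (trusted-name masquerade)"))
        else:
            findings.append((exe, "unexpected Userinit entry (possible persistence)"))
    return findings


def md5_matches(data: bytes) -> bool:
    """True if `data` hashes to the MD5 listed for this sample."""
    return hashlib.md5(data).hexdigest() == KNOWN_MD5


if __name__ == "__main__":
    for exe, why in suspicious_userinit_entries(INFECTED_USERINIT, ENV):
        print(f"{exe}: {why}")
```

On a live host the value would be read from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and the flagged file hashed with md5_matches before quarantine.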

Backdoor
Sends information about:
   • CPU speed
   • CPU type
   • Hardware
   • IP address
   • MAC address
   • Information about the network
   • Platform ID
   • System directory
   • System time
   • Windows directory
   • Information about the Windows operating system

Miscellaneous
Trusted file pretending:
Its process pretends to be the following trusted process: svchost.exe

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Andrei Ilie on Wednesday, 16 February 2011
Description updated by Andrei Ilie on Friday, 18 February 2011
