Ha bisogno di assistenza? Chieda alla community oppure consulti un esperto.
Vai ad Avira Answers
Virus:TR/VB.kkb
Date discovered:29/11/2011
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium
VDF version:7.11.18.123 - Tuesday, November 29, 2011
IVDF version:7.11.18.123 - Tuesday, November 29, 2011

 General Methods of propagation:
   • Autorun feature
   • Local network
   • Messenger


Aliases:
   •  Mcafee: Generic
   •  Kaspersky: Trojan.Win32.Jorik.IRCbot.ded
   •  Bitdefender: Worm.Dorkbot.A
   •  Grisoft: Generic25.AVWP
   •  Eset: a variant of Win32/Injector.KLN trojan
   •  GData: Worm.Dorkbot.A
   •  DrWeb: Trojan.MulDrop3.13802
   •  Norman: Trojan W32/VBInject.ADL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Registry modification

 Files It copies itself to the following location:
   • %APPDATA%\%six-digit random character string%.exe

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Bwzizj"="%APPDATA%\\%six-digit random character string%.exe"

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS servers are contacted:
   • **********m0001.in
   • **********m0002.in


Event handler:
It creates the following Event handlers:
   • ReadProcessMemory
   • WriteProcessMemory
   • CreateRemoteThread
   • InternetReadFile
   • URLDownloadToFile
   • InternetOpenUrl
   • InternetOpen
   • CreateFile


String:
Furthermore it contains the following strings:
   • AV_sites
   • Starting flood
   • IRC Command
   • login
   • password
   • banking
   • pin
   • money
   • account
   • login.yahoo.*/*login*
   • facebook.*/login.php*
   • runescape*/*weblogin*
   • mediafire.com/*login*
   • freakshare.com/login*
   • uploading.com/*login*
   • filesonic.com/*login*
   • namecheap.com/*login*
   • speedyshare.com/login*
   • depositfiles.*/*/login*
   • thepiratebay.org/login*
   • bcointernacional*login*
   • uploaded.to/*login*
   • alertpay.com/login*
   • moniker.com/*Login*
   • dotster.com/*login*
   • oron.com/login*
   • ngrBot Error

 File details Programming language:
The malware program was written in Visual Basic.

Descrizione inserita da Wensin Lee su venerdì 14 settembre 2012
Descrizione aggiornata da Wensin Lee su venerdì 14 settembre 2012

Indietro . . . .
https:// Questa finestra è criptata per tua sicurezza.