Virus: TR/Injector.UT
Date discovered: 08/09/2012
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Medium
Static file: Yes
File size: 326.144 Bytes
MD5 checksum: 46AAAA7006A62AD84391D132D6FB9EFD
VDF version: 7.11.42.62 - Saturday, September 8, 2012
IVDF version: 7.11.42.62 - Saturday, September 8, 2012

General Method of propagation:
   • No own spreading routine


Aliases:
   • Mcafee: W32/Spybot.bfr!f
   • TrendMicro: TROJ_SPNR.22IB12
   • Sophos: Mal/EncPk-AFT
   • Avast: Win32:Susn-AQ [Trj]
   • Eset: Win32/Spy.Zbot.AAO
   • Fortinet: W32/Injector.WAF
   • Norman: ZBot.BIGD


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops files
   • Drops a malicious file
   • Registry modification
   • Steals information

Files
The following files are created:
   • %APPDATA%\%random character string%\%random character string%.exe
     Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Injector.UT
   • %APPDATA%\%random character string%\%random character string%
   • %APPDATA%\%random character string%\%random character string%
   • %TEMPDIR%\%random character string%.bat
     Furthermore it gets executed after it was fully created. This batch file is used to delete a file.

Registry
The following registry key is added in order to run the process after reboot:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%APPDATA%\%random character string%\%random character string%.exe"

Miscellaneous
Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • ehalgr**********a.ru
Accesses internet resources:
   • krugvkube.ru/pepp**********le.php

Description inserted by Eric Burk on Friday, March 1, 2013
Description updated by Eric Burk on Friday, March 1, 2013
