TR/BHO.G - Trojan

Vedi anche

In breve

Descrizione completa

Statistiche

Nome del virus:	TR/BHO.G
Scoperto:	21/09/2006
Tipo:	Trojan
In circolazione (ITW):	No
Numero delle infezioni segnalate:	Basso
Potenziale di propagazione:	Basso
Potenziale di danni:	Medio
File statico:	Si
Dimensione del file:	86.068 Byte
Somma di controllo MD5:	b144dcea0Cf4d0a28d0D810De47f5d90
Versione VDF:	6.36.00.44
Versione IVDF:	6.36.00.54

Generale Alias:
   • Mcafee: Vundo
   • Kaspersky: Trojan.Win32.BHO.g
   • Sophos: Troj/BHO-C
   • Bitdefender: rojan.Vundo.M

Piattaforme / Sistemi operativi:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP

Effetti secondari:
   • Modifica del registro
   • Sottrae informazioni

Registro Registra un “browser helper object” (BHO) aggiungendo la seguente chiave:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
   Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}

Viene aggiunta la seguente chiave di registro:

– HKCR\CLSID\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}\InprocServer32
   • "(Defaulat)"=%file eseguiti%
   • "ThreadingModel"="Both"

Sottrazione di informazioni – Dopo aver visitato un sito web viene avviata una procedura di “tracciamento”:
   • allyoursearch.com thefreedictionary.com searchfeed.com www.neon.org.uk
      www.sensis.com.au slotch.com mygeek.com clearsearch.com
      search.gohip.com usseek.com findwhat.com websearch.com revquest.com
      7search.com ditto.com mysearch.myway.com mywebsearch.com
      destinationadult.com instafinder.com uk.overture.com exactsearch.net
      findsearch.net perfectnav.com scoutcrawl.com genieknows.com
      navisearch.net what2find.com sirsearch.com crawlbar.com overture.com
      inquire.com netster.com www.grip.com www.ukindex.co.uk lb1.netster.com
      64.225.154.135 zeal.com seeq.com uk.searchengine.com url.searchuk.com
      www.excite.co.jp search.dmoz.org www.goclick.com wikipedia.org
      search.about.com galaxysearch.com wesearchall.com terms= sex.com
      www.london-pages.co.uk vachercher.lycos.fr search.netscape.com
      search.netzero.net search.lycos.co.uk cgi.search123.com
      search.asiaco.com query.nytimes.com search.aol.co.uk search.lycos.com
      www.250000.co.uk search.aol.com suche.lycos.de zoek.lycos.nl
      vivisimo.com kanoodle.com comcast.net hotbot.com jayde.com mamma.com
      mirago.co.uk mirago.de searchmiracle.com coolwebsearch.com
      search.looksmart.com www.infoseek.co.jp dogpile.com sqwire.com
      vaclick.epilot.com searchscout.com apps5.oingo.com 66.220.17.157
      fr.search.yahoo.com au.search.yahoo.com uk.search.yahoo.com
      kr.search.yahoo.com ca.search.yahoo.com tw.search.yahoo.com
      de.search.yahoo.com hk.search.yahoo.com search.yahoo.co.jp
      search.yahoo.com search.sympatico.msn.ca search.earthlink.net
      search.wanadoo.co.uk search.xtramsn.co.nz www.recherche.aol.fr
      www.google.com.tw search.msn.com.hk www.google.com.hk
      www.google.com.au au.altavista.com fr.altavista.com de.altavista.com
      nz.altavista.com nl.altavista.com uk.altavista.com search.msn.co.uk
      kr.altavista.com www.google.co.uk www.google.co.kr www.google.co.nz
      www.google.co.jp search.daum.net emetasearch.com search.msn.com
      shoprogers.com reference.com web.ask.co.uk go.google.com alltheweb.com
      search.msn.fr gigablast.com altavista.com google.com.mx goguides.org
      google.co.uk cp.ah-ha.com web.ask.com wisenut.com s.teoma.com
      google.com google.be bbc.co.uk google.fr google.it google.ca google.de
      alexa.com google.es

Dettagli del file Software di compressione:
Per complicarne l'individuazione e ridurre la dimensione del file, viene compresso con un software di compressione.

Per la descrizione "in breve" clicca qui.

Descrizione inserita da Bogdan Iliuta il Thu, 12 Oct 2006 11:15 (GMT+1)
Descrizione aggiornata da Bogdan Iliuta il Mon, 30 Oct 2006 15:10 (GMT+1)

» About Malware
» About Phishing
» Viruses In the Wild

« Indietro