Date discovered:13/09/2006
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Medium to high
Damage Potential:Medium to high
Static file:No
VDF version:
IVDF version:

 General Method of propagation:
   • Infects files

   •  Symantec: W32.Detnat.E
   •  Mcafee: W32/Detnat.d
   •  Kaspersky: Worm.Win32.Detnat.d
   •  TrendMicro: PE_DETNAT.D
   •  F-Secure: Win32.Worm.Detnat.D
   •  Sophos: W32/Detnat-P
   •  Bitdefender: Win32.Worm.Detnat.D
   •  Avast: Win32:Besso
   •  GData: Win32.Worm.Detnat.D
   •  DrWeb: Win32.Liage.4
   •  Fortinet: W32/DETNAT.D

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Downloads malicious files
   • Drops a file
   • Infects files

 Files The following file is created:

%recycle bin%\SVCH0ST.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Drop.Agent.OD.2

It tries to download a file:

– The locations are the following:
   • http://www.yettz.com/**********/re.wos
   • http://www.cinetown.co.kr/**********/mvp.wos
   • http://www.cinetown.co.kr/**********/pop.wos
It is saved on the local hard drive under: %SYSDIR%\netrun%random numbers%.exe Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

 File infection Infector type:

Prepender - The virus code is added at the begining of the infected file.


This direct-action infector actively searches for files.

From: 6.000 Bytes
To: 24.000 Bytes

The following file is infected:

By file type:
   • *.exe

説明の挿入者 Razvan Olteanu の 2011年2月23日水曜日
説明の更新者 Razvan Olteanu の 2011年2月23日水曜日

戻る . . . .