PCの修理が必要ですか?
専門家に頼む
Virus:TR/Reveton.A.153
Date discovered:11/01/2012
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:210.432 Bytes
MD5 checksum:056AB8CB1536D2282D77F828A6EDDFDE
VDF version:7.11.20.228 - Wednesday, January 11, 2012
IVDF version:7.11.20.228 - Wednesday, January 11, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Microsoft: Trojan:Win32/Reveton.A
   •  Grisoft: PSW.Agent.ASJL


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Downloads a file
   • Falsely reports malware infection or system problems and offers to fix them if the user buys the application.
   • Registry modification

 Files The following file is created:

– Non malicious file:
   •  %HOME%\Startmenü\Programme\Autostart\virus.dll.lnk

 Registry The following registry keys are changed:

Disable Regedit and Task Manager:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
   New value:
   • "DisableTaskMgr"=dword:00000001

Lower security settings from Internet Explorer:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   New value:
   • "NoProtectedModeBanner"=dword:00000001

Lower security settings from Internet Explorer:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
   {E19ADC6E-3909-43E4-9A89-B7B676377EE3}\iexplore]
   New value:
   • "Type"=dword:00000004
   • "Count"=dword:00000007
   • "Time"=hex:db,07,09,00,02,00,06,00,09,00,35,00,01,00,38,01

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
   {E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore]
   New value:
   • "Type"=dword:00000004
   • "Count"=dword:00000015
   • "Time"=hex:db,07,09,00,02,00,06,00,09,00,35,00,01,00,38,01

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\
   {FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore]
   New value:
   • "Type"=dword:00000004
   • "Count"=dword:00000016
   • "Time"=hex:db,07,09,00,02,00,06,00,09,00,35,00,01,00,38,01

 Injection – It injects itself as a remote thread into processes.

    All of the following processes:
   • notepad.exe
   • iexplorer.exe


 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

説明の挿入者 Jan-Eric Herting の 2012年1月18日水曜日
説明の更新者 Jan-Eric Herting の 2012年1月18日水曜日

戻る . . . .

© 2013 Avira Operations GmbH & Co. KG. All rights reserved.

マイアカウント

https:// このウィンドウは暗号化されています。