PCの修理が必要ですか?
専門家に頼む
Virus:W32/Viking.AT
Date discovered:06/09/2010
Type:File infector
In the wild:Yes
Reported Infections:High
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:No
VDF version:7.10.04.254
IVDF version:7.10.11.89 - Monday, September 6, 2010

 General Method of propagation:
    Infects files


Aliases:
   •  Mcafee: W32/Fujacks.be
   •  Sophos: W32/Jadtre-B
   •  Eset: Win32/Wapomi.A
     Sunbelt: Virus.Win32.Jadtre.b
     Authentium: W32/Pikor.A
     Norman: Virus W32/Pikorms.G


Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7


Side effects:
   • Drops a malicious file
Infects files

 Files It copies itself to the following location:
   • %SYSDIR%\csrcs.exe



The following files are created:

– Temporary files that might be deleted afterwards:
   • %TEMPDIR%\aut7%hex number%.tmp
   • %TEMPDIR%\%random character string%

c:\cmt.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too.

 File infection Infector type:

Appender - The virus main code is added at the end of the infected file.
The following section is added to the infected file:
   • Dbt


Infection length:

- 90.112 Bytes


The following files are infected:

By file type:
   • exe

 Miscellaneous Internet connection:

It queries with the following names:
   • www.baid**********.com
   • 17**********.WAP517.BIZ
   • 17**********.WAP517.US
   • 17**********.WAP517.NET
   • 17**********.NS1631261.COM
   • 17**********.NS1631262.COM
   • 17**********.NS1631262.INFO
   • 17**********.NS1631262.NET
   • 17**********.NS1631262.ORG
   • 17**********.NS1631263.COM
   • 17**********.NS1631263.INFO
   • 17**********.NS1631263.NET
   • 17**********.NS1631263.ORG

説明の挿入者 Alexander Bauer の 2012年6月2日土曜日
説明の更新者 Alexander Bauer の 2012年6月2日土曜日

戻る . . . .
https:// このウィンドウは暗号化されています。