Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:06/08/2006
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:3.515.723 Bytes
MD5 checksum:3efdfddfffe5cf4ad40c5368c336a702
IVDF version: - Sunday, August 6, 2006

 General Aliases:
   •  Sophos: W32/RJump-H
   •  Panda: Bck/Simut.A
   •  Eset: Win32/RJump.A
   •  Bitdefender: Trojan.Generic.1618020

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Downloads a malicious file
   • Drops malicious files
   • Registry modification

 Files It copies itself to the following location:
   • %WINDIR%\RavMonE.exe

The following file is created:

%malware execution directory%\RavMonLog

It tries to download a file:

– The locations are the following:
   •**********?peer_id=%character string%&port=%character string%&type=%character string%&ver=%character string%
   •**********?peer_id=%character string%&port=%character string%&type=%character string%&ver=%character string%
   •**********?peer_id=%character string%&port=%number%&type=%character string%&ver=%number%

It tries to executes the following files:

– Filename:
   • %SYSDIR%\cmd.exe /c netsh firewall add portopening TCP 17841 NortonAV

– Filename:
   • netsh firewall add portopening TCP 17841 NortonAV

 Registry The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "RavAV"="%WINDIR%\RavMonE.exe"

설명 삽입자 Petre Galan   2010년 4월 22일 목요일
설명 업데이트 Petre Galan   2010년 4월 22일 목요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.