Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:15/09/2010
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Medium
Static file:Yes
File size:439.296 Bytes
MD5 checksum:E93B115A57C2B3C75D21387DAC59A3E2
IVDF version: - Wednesday, September 15, 2010

 General Method of propagation:
   • Autorun feature

   •  Symantec: W32.SillyFDC
   •  Mcafee: W32/Autorun.worm.g
   •  Kaspersky: Worm.MSIL.Autorun.fn
   •  F-Secure: Trojan.MSIL.Agent.P
   •  Sophos: W32/Autorun-BJR
   •  Bitdefender: Trojan.MSIL.Agent.P
   •  Avast: MSIL:AutoRun-W
   •  Microsoft: Worm:MSIL/Autorun.F
   •  Panda: MSIL/Autorun.KBQ
   •  PCTools: Net-Worm.SillyFDC!rem
   •  VirusBuster: Trojan.Agent2.MOU
   •  Eset: MSIL/Autorun.Agent.S
   •  GData: Trojan.MSIL.Agent.P
   •  Authentium: W32/Autorun.WV
   •  Norman: W32/Autorun.BMAY

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Registry modification

 Files It copies itself to the following locations:
   • %PROGRAM FILES%\system32.exe
   • %drive%\lamberguini.avi.exe
   • %drive%\Marcedesse_SLR-722.avi.exe

The following files are created:

%drive%\autorun.inf This is a non malicious text file with the following content:
   • %code that runs malware%

 Registry One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "mlh"="%PROGRAM FILES%\system32.exe"

 Backdoor Contact server:
One of the following:

 File details Programming language:
 • CIL (.NET 2.x)

설명 삽입자 Irina Diaconescu   2010년 11월 2일 화요일
설명 업데이트 Irina Diaconescu   2010년 11월 5일 금요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.