Date discovered: 06/09/2010
Type: File infector
In the wild: Yes
Reported Infections: High
Distribution Potential: Low to medium
Damage Potential: Medium
Static file: No
VDF version:
IVDF version: - Monday, September 6, 2010

General
Method of propagation:
   • Infects files

   •  Mcafee: W32/
   •  Sophos: W32/Jadtre-B
   •  Eset: Win32/Wapomi.A
   •  Sunbelt: Virus.Win32.Jadtre.b
   •  Authentium: W32/Pikor.A
   •  Norman: Virus W32/Pikorms.G

Platforms / OS:
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops a malicious file
   • Infects files

Files
It copies itself to the following location:
   • %SYSDIR%\csrcs.exe

The following files are created:

– Temporary files that might be deleted afterwards:
   • %TEMPDIR%\aut7%hex number%.tmp
   • %TEMPDIR%\%random character string%

– c:\cmt.exe Furthermore, it is executed after it has been fully created. Further investigation showed that this file is malware, too.

File infection
Infector type:

Appender - The virus main code is added at the end of the infected file.
The following section is added to the infected file:
   • Dbt

Infection length:

- 90.112 Bytes

The following files are infected:

By file type:
   • exe

Miscellaneous
Internet connection:

It queries with the following names:

Description inserted by Alexander Bauer on Saturday, June 2, 2012
Description updated by Alexander Bauer on Saturday, June 2, 2012
