Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:TR/Weelsof.EB.7
Date discovered:01/10/2012
Type:Trojan
In the wild:No
Reported Infections:High
Distribution Potential:Low
Damage Potential:Medium
File size:60.416 Bytes
MD5 checksum:61a2f310098b532e62da736eb0b4d7a3
VDF version:7.11.44.200 - Monday, October 1, 2012
IVDF version:7.11.44.200 - Monday, October 1, 2012

 General    • No own spreading routine


Aliases:
   •  Symantec: Trojan.Smoaler
   •  Eset: Win32/TrojanDownloader.Zortob.B trojan


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7


Side effects:
   • Drops a malicious file
   • Registry modification
   • Steals information


Right after execution it runs a windows application which will display the following window:


 Files It copies itself to the following location:
   • %HOME%\Local Settings\Application Data\%eight-digit random character string%.exe



It deletes the initially executed copy of itself.



The following file is created:

%malware execution directory%\%executed file%.txt It is opened using the default application for this file type.

 Backdoor Contact server:
All of the following:
   • 46.**********.86
   • 188.**********.180
   • 178.**********.54
   • 125.**********.185
   • 50.**********.150
   • 217.**********.108
   • 192.**********.255
   • 46.**********.98
   • 94.**********.157
   • 202.**********.202

As a result it may send information and remote control could be provided.

 Injection It injects itself as a remote thread into a process.

    Process name:
   • %SYSDIR%\svchost.exe


설명 삽입자 Daniel Mocanu   2012년 10월 3일 수요일
설명 업데이트 Daniel Mocanu   2012년 10월 3일 수요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.