Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:30/01/2013
In the wild:Yes
Reported Infections:Medium to high
Distribution Potential:Low
Damage Potential:Low to medium
Static file:Yes
File size:230.904 Bytes
MD5 checksum:E984A9E640593A866542906DE77B03BC
VDF version: - Wednesday, January 30, 2013
IVDF version: - Wednesday, January 30, 2013

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Trojan.Win32.Bublik.acwh
   •  Sophos: Mal/EncPk-MP
     Avast: Win32:Crypt-OVP
     Microsoft: Trojan:Win32/Bublik.B
   •  Panda: Trj/OCJ.C
   •  Eset: Win32/Spy.Bebloh.J
     DrWeb: BackDoor.Bebloh.21
     Fortinet: W32/Zbot.DHN!tr

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows Server 2008
    Windows 7

Side effects:
   • Drops a malicious file
   • Registry modification
   • Steals information

 Files It copies itself to the following location:
   • %SYSDIR%\%random%.exe

 Registry The following registry key is added:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\userinit.exe]
   • "Debugger"="%random%.exe"

 Miscellaneous Accesses internet resources:
   • gel**********om/f/t.php

설명 삽입자 Eric Burk   2013년 2월 1일 금요일
설명 업데이트 Eric Burk   2013년 2월 1일 금요일

뒤로 . . . .
https:// 이 창은 보안을 위해 암호화되었습니다.