Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:EXP/Pidief.aom
Date discovered:21/02/2012
Type:Exploit
In the wild:Yes
Reported Infections:High
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
VDF version:7.11.23.180 - Tuesday, February 21, 2012
IVDF version:7.11.23.180 - Tuesday, February 21, 2012

 General Method of propagation:
   • By visiting infected websites


Aliases:
   •  Microsoft: Exploit:Win32/Pdfjsc.ZZ
   •  DrWeb: Exploit.PDF.2743


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drive-by download

 Files It tries to download some files:

– The location is the following:
   • http://agentur-ratte.de/lutoma/cln/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

– The location is the following:
   • http://dylanpatton.de/mtpforum/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

– The location is the following:
   • http://moc-steinsberg.de/main/Vorstand/**********
It is saved on the local hard drive under: %TEMPDIR%\wpbt%number%.dll Furthermore this file gets executed after it was fully downloaded. Further investigation pointed out that this file is malware, too.

 File details Programming language:
 • JavaScript


Encryption:
Encrypted - The virus code inside the file is encrypted.

Beschrijving ingevoegd door Alexander Bauer op dinsdag 21 februari 2012
Beschrijving bijgewerkt door Alexander Bauer op dinsdag 21 februari 2012

Terug . . . .
https:// Dit venster is voor uw veiligheid gecodeerd.