Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:BDS/ZAccess.Q
Date discovered:27/02/2012
Type:Backdoor Server
In the wild:No
Reported Infections:Low to medium
Distribution Potential:Medium to high
Damage Potential:Low
Static file:Yes
File size:30720 Bytes
MD5 checksum:76067bce7e3362281c5b6ed372ba3913
VDF version:7.11.24.18 - Monday, February 27, 2012
IVDF version:7.11.24.18 - Monday, February 27, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Mcafee: Generic.grp!fl
   •  Kaspersky: HEUR:Backdoor.Win64.Generic
   •  Bitdefender: Trojan.Generic.7141969
   •  Microsoft: Trojan:Win64/Sirefef.K
   •  Grisoft: Generic26.BOSL
   •  Eset: Win64/Sirefef.U trojan
   •  GData: Trojan.Generic.7141969
   •  Norman: Trojan Suspicious_Gen4.OMJ


Platforms / OS:
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to execute malicious code

 Miscellaneous Event handler:
It creates the following Event handlers:
   • DestroyEnvironmentBlock
   • ZwWaitHighEventPair
   • ZwSetLowEventPair
   • ZwCreateEventPair
   • SetThreadDesktop
   • GetThreadDesktop
   • ZwDelayExecution
   • WWW_OpenURL


String:
Furthermore it contains the following strings:
   • GET /p/**********.php?w=%u&i=%S&n=%u
   • HTTP/1.0
   • resident.dll

Beschrijving ingevoegd door Wensin Lee op woensdag 29 februari 2012
Beschrijving bijgewerkt door Wensin Lee op woensdag 29 februari 2012

Terug . . . .
https:// Dit venster is voor uw veiligheid gecodeerd.