Full description

Vírus	Worm/RB.104448.17.A
Data em que surgiu:	22/09/2005
Tipo:	Worm
Incluído na lista "In The Wild"	Não
Nível de danos:	Baixo
Nível de distribuição:	Médio
Nível de risco:	Médio
Ficheiro estático:	Sim
Tamanho:	104.448 Bytes
MD5 checksum:	5afe3e6b49a5d3acc6ae8524b8353261
Versão VDF:	6.32.0.25

Vulgarmente Meio de transmissão:
   • Rede local

Alias:
   • Symantec: W32.Spybot.Worm
   • Mcafee: W32/Sdbot.worm.gen.bj
   • Kaspersky: Backdoor.Win32.Rbot.gen
   • TrendMicro: WORM_RBOT.CGW
   • Bitdefender: Backdoor.RBot.0AE37D17

Sistemas Operativos:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Efeitos secundários:
   • Baixa as definições de segurança
   • Altera o registo do Windows
   • Aproveita-se de vulnerabilidades do software
   • Informação de roubos
   • Possibilita acesso não autorizado ao computador

Ficheiros Autocopia-se para a seguinte localização:
• %SYSDIR%\tcpip32.exe

Apaga a cópia executada inicialmente.

Registry (Registo do Windows) As chaves seguintes são adicionadas (num loop infinito) ao registo, para executar os processos depois de reinicializar.

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "tcpip32"="tcpip32.exe"

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
   • "tcpip32"="tcpip32.exe"

É adicionada a seguinte chave de registo:

– [HKCU\Software\Microsoft\OLE]
   • "tcpip32"="tcpip32.exe"

Altera as seguintes chaves de registo do Windows:

– [HKLM\SOFTWARE\Microsoft\Ole]
   Valor anterior:
   • "EnableDCOM"=%definições do utilizador %
   Valor recente:
   • "EnableDCOM"="N"

– [HKLM\SYSTEM\CurrentControlSet\Control\Lsa]
   Valor anterior:
   • "restrictanonymous"=%definições do utilizador %
   Valor recente:
   • "restrictanonymous"=dword:00000001

Infecção da rede Para assegurar a sua propagação o malware tenta ligar-se a outras máquinas como descrito abaixo.

Envia cópias de si próprio às seguintes partilhas de rede:
   • IPC$
   • Admin$
   • ADMIN$
   • Admin$\System32
   • C$\DOCUME~1\ADMINI~1
   • C$\windows\system32
   • C$\winnt\system32
   • D$\DOCUME~1\ADMINI~1
   • D$\windows\system32
   • D$\winnt\system32
   • E$\DOCUME~1\ADMINI~1
   • E$\windows\system32
   • E$\winnt\system32
   • print$

Usa a seguinte informação de login para ganhar acesso à máquina remota:

– A seguinte lista de nomes de utilizadores:
   • adm; Admin; ADMIN; admin; admin123; Administrador; administrador;
      Administrateur; administrateur; ADMINISTRATOR; administrator;
      computer; database; dba; default; Default; DEFAULT; guest; GUEST;
      oracle; owa; own; owned; owner; OWNER; staff; student; student1;
      teacher; wwwadmin

– A seguinte lista de palavras-chave:
   • !@; $; !@; $%; !@; $%^; !@; $%^&; !@; $%^&*; 000; 0000; 00000; 000000;
      00000000; 007; 0wn3d; 0wned; 110; 111; 121; 123; 1234; 2002; 2600;
      12345; 12346; 54321; 111111; 121212; 123123; 123456; 123467; 654321;
      1234567; 1234678; 11111111; 12345678; 12346789; 88888888; 123456789;
      123467890; 1234qwer; 123abc; 123asd; 123qwe; aaa; abc; abc123; abcd;
      academia; academic; ACCESS; account; accounting; accounts; action;
      ada; adam; adrian; adrianna; adult; aerobics; afro; aids; airplane;
      Al3x; alaska; albany; albatros; albatross; albert; alert; Alex; alex;
      alexande; Alexander; alf; algebra; alias; aliases; alice; alicia;
      alisa; alison; allison; allow; alpha; alphabet; ama; amadeus; amanda;
      amber; america; amorphou; amorphous; amy; anal; analog; anarchis;
      anarchy; anchor; andrea; android; andromac; andromache; andy; anfo;
      angela; angerine; angie; animal; animals; anita; ann; anna; anne;
      annette; anon; anonymou; answer; anthrax; anthropo; anthropogenic;
      anvils; anything; apollo13; april; aria; ariadne; arlene; army; arrow;
      arthur; artist; asd; asdf; asdfgh; asian; asm; asshole; athena;
      atmosphe; atmosphere; atom; attack; authoriz; aztecs; azure; babe;
      baby; bacchus; backdoor; backup; BACKUP; badass; bailey; ball; banana;
      bananas; bandit; bank; banks; barbara; barber; bare; barf; baritone;
      bart; bartman; baseball; basic; bass; bassoon; batch; batman; beach;
      beammeup; bear; beast; beater; beauty; beaver; becky; beethove;
      beethoven; begin; behead; bell; beloved; benz; beowulf; berkeley;
      berlin; berliner; beryl; beta; beth; betsie; betty; beverly; bible;
      bicamera; bicameral; bigfoot; bill; billy; binary; bios; bird; bishop;
      bitch; bitmap; bitnet; bla; black; blank; blonde; blondie; blood;
      bloodaxe; blow; blowjob; blue; blues; board; bob; bomb; boner; boob;
      boobs; book; born; BOTH; boyscout; bradley; brandi; brandy; bravo;
      break; breast; brenda; brian; bridget; broadway; brothel; bruce;
      brunette; brute; brutefor; bsd; bulls; bullshit; bumbling; bung;
      burgess; burn; butch; butt; butthead; cad; californ; camille;
      campanil; campanile; camping; candi; candy; cantor; capitol; captain;
      capture; card; cardinal; caren; carla; carmen; carol; carole;
      carolina; caroline; carrie; carson; cascades; cash; castle; cat;
      catherin; catherine; catholic; cathy; cave; cayuga; cecily; celt;
      celtic; celtics; cerulean; change; Changeme; changeme; charity;
      charles; charlie; charming; charon; chat; CHECK; chem; chemistr;
      chemistry; chess; chester; chip; chris; christin; christina;
      christine; christy; CHT; cigar; cigarett; cindy; cisco; class;
      classes; classic; claudia; claymore; cleavage; clinton; cluster;
      clusters; coast; cocacola; cocainco; cock; code; codename; codeword;
      coffee; coin; coke; cola; cold; collins; color; combat; comics;
      commit; commrade; commrades; company; compaq; computin; comrade;
      comrades; condo; condom; connie; conserva; console; continue; control;
      cook; cookbook; cookie; cool; cooper; copper; cops; copy; corneliu;
      cornelius; correct; counters; country; couscous; cowboy; crack;
      crackpot; crash; cream; create; creation; creature; credit; creosote;
      cretin; crime; criminal; cristina; crystal; cshrc; ctx; cunt;
      customer; cyber; cyberpun; cyberspa; cynthia; d00d; daemon; daisy;
      dana; dancer; daniel; danielle; danny; dapper; dark; darkaven; data;
      databasepass; databasepassword; dave; dawn; db1; db1234; db2; dbpass;
      dbpassword; dead; death; deathsta; deb; debbie; deborah; debug;
      december; deck; defoe; Dell; dell; delta; deluge; demo; DEMO;
      democrat; denise; dennis; desiree; desk; desktop; desperat; desperate;
      develop; device; devil; dial; diamond; diana; diane; dice; dick;
      diehard; diet; dieter; digital; dinosaur; dipshit; direct; director;
      dirty; disc; discipli; disclose; discover; discovery; disk; diskette;
      disney; display; doctor; dog; dollar; domain; domainpass;
      domainpassword; donaldduck; dong; doom; doom2; doomii; doomsday;
      doonesbu; door; doors; dope; dos; dragon; drdoom; drive; drought;
      duck; dud3; dude; dudette; duelist; duke; dulce; duncan; dungeon;
      dyke; eager; eagle; earth; easier; easy; eatme; echo; eddie; edges;
      edinburg; edinburgh; edit; edition; edu; educatio; education; edwin;
      edwina; egghead; eiderdow; eiderdown; eileen; einsiein; einstein;
      elaine; elanor; electron; elephant; elizabet; elizabeth; ellen; email;
      emerald; emily; emmanuel; enable; enemy; engine; engineer; england;
      english; enter; enterpri; enterprise; enzyme; erenity; eric; erica;
      erika; erin; erotic; ersatz; establis; establish; estate; eternity;
      euclid; evelyn; exchange; exchnge; expert; explode; explore; explorer;
      explosiv; extensio; extension; fairway; faith; falcon; FALSE; family;
      farad; faraday; fart; fast; fear; feds; felicia; fender; fermat;
      ferrari; fidelity; field; fight; file; FILES; finite; fire; firewall;
      fish; fishers; flakes; float; florida; flower; flowers; foobar; food;
      fool; foolproo; foolproof; football; force; ford; foresigh; foresight;
      forever; form; format; fornicat; forsythe; fourier; foxtrot; france;
      frank; freak; fred; freddy; free; freedom; french; friday; friend;
      friends; frighten; frog; fryguy; fubar; fuck; fucked; fucker; fucking;
      fuckme; fuckyou; fudge; FULL; fun; function; fungible; gabriel; games;
      gardner; garfield; Gast; gateway; gatherin; gatt; gauss; george; germ;
      gertrude; ghost; gibson; gigabyte; gina; ginger; girl; glacier; glen;
      gnu; gobo; god; godblessyou; gold; golden; golf; golfer; good;
      gorgeous; gorges; gosling; gouge; govermen; grades; graham; grahm;
      grand; grant; great; green; group; gryphon; guardian; gucci; guess;
      guessme; ; guitar; gumption; guntis; h4x0r1ng; h4x0ring; h4x1ng; hack;
      hacked; hacker; hagar; hair; hal; hallowee; hamlet; hamster; handel;
      handily; handjob; happenin; happening; hard; hardcore; harddriv;
      harmony; harold; harvey; hate; haven; hawaii; hax; hax0r; haxing;
      head; headbang; headoffice; heat; heathen; heather; heaven; hebrides;
      heidi; heinlein; hell; hello; help; herb; herbert; hero; heroin;
      hewlett; hexadeci; hiawatha; hibernia; hidden; high; highland; hitler;
      hits; hole; holly; hollywoo; home; homepage; homer; homeuser;
      homework; honey; hooker; hooters; horny; horrible; horror; horse;
      horus; host; hotdog; hotel; http; hunt; hunter; hutchins; hydrogen;
      hyper; hypertxt; ian; ibm; icecream; ihavenopass; illumina; image;
      imbrogli; imbroglio; immortal; imperial; include; india; indian;
      indiana; indians; ingres; ingress; ingrid; inna; innocuou; innocuous;
      input; inside; integer; internet; Internet; intranet; invent; Inviter;
      irene; irishman; irule; isis; jackie; jail; jane; janet; janice;
      janie; japan; jasmin; java; jazz; jean; jeanne; jeff; jen; jenni;
      jennifer; jenny; jerry; jerusale; jessica; jester; jewelry; jill;
      jixian; joan; joanne; jody; joe; john; johndoe; johnny; joseph;
      joshua; journal; joy; joyce; judith; judy; juggle; juicy; julia;
      julie; juliet; june; jupiter; kaka; karen; karie; karina; katana;
      kate; kathleen; kathrine; kathy; katie; katina; katrina; kelly; keri;
      kermit; kernel; kerri; kerrie; kerry; kevin; kewl; keybord; keyin;
      keyword; kiddie; kids; kill; killer; killthem; kilo; kim; kimberly;
      king; kirk; kirkland; kiss; kissmyas; kitten; klingon; knife; knight;
      knightma; known; krista; kristen; kristi; kristie; kristin; kristine;
      kristy; l337; l33t; ladies; ladle; lakers; lambda; laminati;
      lamination; lan; lana; laptop; lara; larkin; larry; laser; laura;
      lava; lazarus; lazer; leah; lebesgue; lee; leet; left; leftwing;
      legal; leland; leroy; lesbian; leslie; letmein; lewis; lexluthe;
      liberal; library; lick; licker; life; light; lightsab; lima; limbaugh;
      limited; linda; link; linux; lion; lips; lisa; lisp; literatu; live;
      liz; load; LOCAL; lock; lockout; lockword; logic; Login; loginpass;
      loginwor; logout; lois; lol; lolopc; loose; lore; lori; lorin;
      lorraine; loser; louis; love; lovebug; lover; luck; lucus; lucy; lude;
      luke; lust; lynn; lynne; machine; macintos; macintosh; mack; macro;
      maggot; magic; magnet; mail; main; maint; malcolm; malcom; mana;
      manager; mara; marci; marcy; maria; mariens; marietta; marijuan;
      marines; mark; markus; marni; marriage; mars; marty; marvin; mary;
      mason; mass; master; Mat; math; Matt; Matthew; maurice; meagan;
      megabyte; megadeth; megan; melissa; mellon; melrose; member; memory;
      menace; menu; mercury; merlin; metal; metalhea; metalica; mets; mgr;
      mice; michael; michel; michelan; michele; michelle; mickey; micro;
      microchi; micropro; microsof; midieval; mike; mine; minimum; minsky;
      mirc; misfit; mission; mit; mkii; mode; modem; mogul; moguls; monday;
      monica; moom; moor; moose; more; morley; morris; mortal; mortalco;
      mortgage; mosaic; mountain; mouse; move; movie; movies; mozart; mpeg;
      msdos; muppets; mutant; mypass; mypass123; mypc; mypc123; nagel; name;
      nancy; napoleon; nasa; navy; neil; nepenthe; neptune; ness; net;
      netbios; netdevil; net-devil; netfuck; netscape; network; new;
      newborn; news; newsgrou; newton; newyork; next; nice; nicole;
      nicotine; night; nightmar; Nilez; nintendo; nita; nnaacp; noble;
      nobody; node; nokia; none; noob; noreen; notes; noth; nova; novel;
      november; noxious; nuclear; nude; nuke; nukem; null; number; nutritio;
      nutrition; nuts; nyquist; obscurit; oceanogr; oceanography; ocelot;
      OEM; oem; oeminstall; oemuser; office; okay; oldage; olivetti; olivia;
      omega; opening; openlock; opensesa; operator; orange; orca; orient;
      orwell; oscar; osiris; outdoors; outlaw; outlook; output; outside;
      oxford; pacific; packard; packer; pad; painless; paint; pakistan; pam;
      pamela; papa; paper; papers; pascal; pass; pass123; pass1234;
      passphra; passwd; Password; PASSWORD; password; password1;
      password123; paste; pat; patricia; patrick; patriot; patty; paula;
      peanuts; pecker; pencil; penelope; penguin; penis; Penis; penname;
      pentagon; pentagra; penthous; pentium; peoria; pepper; pepsi;
      percolat; percolate; perfect; permit; persimmo; persimmon; persona;
      pervert; pete; peter; phil; philip; phoenix; phone; photon; phrack;
      phrase; phreak; phuck; pick; pierre; pimp; pink; pinname; piss; pizza;
      plane; playboy; plover; pluto; plymouth; poetry; police; polly;
      polynomi; polynomial; ponderin; pondering; poop; poor; pork; porn;
      porno; porsche; post; poster; power; praise; precious; prelude;
      presto; prince; princeto; princeton; printer; priv; private; privs;
      proceed; processo; professo; professor; profile; program; prompt;
      protect; protozoa; psycho; psychopa; pub; public; puck; puke; pumpkin;
      puneet; punisher; punk; puppet; pussy; pw123; pwd; qaz; quebec; qwe;
      qwer; qwert; qwerty; r00t; rabbit; rachel; rachelle; rachmani;
      rachmaninoff; RAGE; raid; rain; rainbow; raindrop; raleigh; rape;
      rascal; razor; READ; reagan; reality; really; ream; reaper; rebal;
      rebecca; rebel; record; reddawn; redhead; referenc; regional; release;
      remote; renee; reno; rent; report; republic; resistan; reveal; rhino;
      rich; rick; riffraff; right; rightwin; ring; riot; ripple; risc; rje;
      roach; robert; robin; robot; robotics; robyn; rochelle; rocheste;
      rochester; rock; rocky; rockyhor; rodent; rolex; romano; romeo;
      romulan; ron; ronald; ROOT; root; rooted; Rosco; RoscoP;
      RoscoPColtrane; rose; rosebud; rosemary; roses; Ross; rough; RPC;
      rubber; ruben; ruby; rude; rules; running; rush; ruth; safe; sage;
      sal; salami; sale; salt; sam; samantha; sample; sandra; sandy; sara;
      sarah; satan; satanic; satanik; saturday; saturn; saxon; scamper;
      scheme; school; schoolsucks; scifi; scorpion; scott; scotty; scout;
      script; scriptkiddie; search; secret; security; seed; sega; sensor;
      sentinel; sentry; serenity; serial; SERVER; server; service; sesame;
      sex; sexy; shannon; sharc; SHARE; shark; sharks; sharon; sheffiel;
      sheffield; sheldon; shell; sherri; shift; shirley; shit; shitpot;
      shiva; shivers; short; shuttle; sick; siemens; sierra; signatur;
      signature; silver; simcity; simon; simple; simpsons; simulati; singer;
      single; site; skull; slave; slick; sliders; slow; slut; small; smart;
      smile; smiles; smooch; smother; smtp; smut; snach; snafu; snake;
      snatch; snoopy; soap; social; socrates; sodomy; soft; software;
      somebody; sondra; sonia; sonic; sonya; sossina; source; south;
      spaceman; spaceshi; sparrows; spear; spell; spencer; spice; spider;
      spiderma; spit; spred; spring; springer; spunk; sql; sqlagent;
      sqlpass; squires; sr71; stacey; staci; stacie; stacy; Standard; star;
      starship; start; startrek; startup; starwars; steak; steal; steel;
      steph; stephani; stephanie; stereo; steve; stoneage; stoned; stones;
      strange; strangle; stratfor; stratford; streetfi; string; strip;
      stuttgar; stuttgart; subscrib; subway; success; suck; suckmydi; sucks;
      sue; summer; sun; sunday; super; superman; superson; supersta;
      superstage; superuse; superuser; supervis; support; supporte;
      supported; surfer; surfing; susan; susanne; susie; suzanne; suzie;
      swearer; sweat; switch; sword; sybase; sybil; symmetry; sys; sysadmin;
      sysop; SYSTEM; system; tabasco; talk; tall; tamara; tami; tamie;
      tammy; tangerin; tangerine; tango; tape; tara; target; tarragon;
      taylor; team; teapot; tears; tech; technical; teen; teenage; telephon;
      telephone; telnet; temp; TEMP; temp123; temptati; temptation; tennis;
      tera; terminal; terminat; tess; Test; test; TEST; test123; tester;
      testin; testing; tetris; text; thailand; theresa; thin; thursday;
      tiffany; tiger; time; tina; tits; toad; toggle; token; tokenrin;
      tomato; topograp; topography; tortoise; toxic; toyota; traci; tracie;
      tracy; trails; transfer; trap; trapdoor; tree; trek; trisha; trivial;
      trojan; trombone; tron; TRUE; truth; tty; tubas; tuesday; turn;
      turnip; tuttle; ugly; umesh; uncle; undo; unhappy; unicorn; uniform;
      universa; universe; universi; unix; unknown; unlock; upload; uranus;
      urchin; ursula; usenet; user; user1; usermane; username; userpassword;
      usmc; util; utility; uucp; uwontguessme; vagina; valerie; vampire;
      vasant; venus; veronica; vertigo; vicky; victor; video; videogam;
      village; virgin; virginia; virus; visitor; visual; visualba; vodka;
      w00t; waco; ward; warez; warfare; wargames; warp; warren; wasp;
      watchwor; water; wave; web; webpage; wednesda; weed; weenie; well;
      wendi; wendy; werewolf; west; western; wh0r3; wh0re; whatever;
      whatnot; whisky; white; whiting; whitney; wholesal; wholesale; whore;
      wileecoyote; will; william; williams; williamsburg; willie; wilma;
      win; win2000; win2k; win98; windose; windows; windows2k; windows95;
      windows98; windowsME; WindowsXP; windowz; windoze; windoze2k;
      windoze95; windoze98; windozeME; windozexp; wine; wing; winnt;
      winpass; winston; winxp; wired; wisconsi; wisconsin; wiseass; within;
      wizard; wolf; wolverin; woman; wombat; women; wood; woodwind; word;
      wordperf; worf; work; worm; wormwood; WRITE; wwii; www; wyoming; xena;
      xfer; xman; xmen; xmodem; xray; xxx; xxxx; xxxxx; xxxxxx; xxxxxxx;
      xxxxxxxx; xxxxxxxxx; xyz; xyzzy; yaco; yang; yankee; yellow; yellowst;
      yellowstone; yolanda; yosemite; young; youwontguessme; yxcv; zap;
      zebra; zeitgeis; ziggy; zimmerma; zimmerman; zmodem; zombie; zulu;
      zxc; zxcv

Exploit:
Faz uso dos seguintes Exploits:
– MS03-026 (Buffer Overrun in RPC Interface)
– MS03-039 (Buffer Overrun in RPCSS Service)
– MS03-049 (Buffer Overrun in the Workstation Service)
– MS04-007 (ASN.1 Vulnerability)
– MS04-011 (LSASS Vulnerability)
– MS05-039 (Vulnerability in Plug and Play)

Criação de endereços IP:
Cria endereços IP aleatórios e tenta estabelecer uma ligação com eles.

Processo de infecção:
Cria um script TFTP ou FTP na máquina a atacada para permitir o download do malware da máquina atacante.

IRC Para enviar informação do sistema e permitir controlo remoto liga-se aos servidores de IRC:

Servidor: **********killernet.com.br
Porta: 6667
Canal #kkk
Nickname: USA|%cinco caracteres aleatórios%
Palavra-chave .

Servidor: **********wtflol.hn.org
Porta: 6667
Canal #kkk
Nickname: USA|%cinco caracteres aleatórios%
Palavra-chave .

– Este malware tem a capacidade de recolher e enviar a seguinte informação:
    • Captura do ecrã
    • Imagens capturas a partir de webcam
    • Velocidade do CPU
    • Utilizador Actual
    • Espaço disponível no disco
    • Memória disponível
    • Tempo de vida do malware
    • Informações sobre a rede
    • Informação sobre processos em execução
    • Capacidade da memória
    • Directório de sistema
    • Nome de utilizador

– Para além disso tem a capacidade de executar as seguintes acções:
    • Lança DDoS ICMP floods
    • Lança DDoS SYN floods
    • Lança DDoS TCP floods
    • Lança DDoS UDP floods
    • Desactiva o DCOM
    • Desactiva partilhas de rede
    • Download de ficheiros
    • Activa o DCOM
    • Activa partilhas de rede
    • Executa o ficheiro
    • Ligação ao canal IRC
    • Abandona canais IRC
    • Abre ligações remotas
    • Ataque de Negação de Serviços (ataque DoS)
    • Executa pesquisas na rede
    • Redireccionamento de porta
    • Reinicia
    • Inicia o keylog
    • Inicia a rotina de propagação
    • Termina processos
    • Actualiza-se a ele próprio
    • Upload de ficheiros
    • Visita um Web site

Terminar o processo A seguinte lista de processos são terminados:
   • _AVP32.EXE; _AVPCC.EXE; _AVPM.EXE; ACKWIN32.EXE; ADAWARE.EXE;
      ADVXDWIN.EXE; AGENTSVR.EXE; AGENTW.EXE; ALERTSVC.EXE; ALEVIR.EXE;
      ALOGSERV.EXE; AMON9X.EXE; ANTI-TROJAN.EXE; ANTIVIRUS.EXE; ANTS.EXE;
      APIMONITOR.EXE; APLICA32.EXE; APVXDWIN.EXE; ARR.EXE; ATCON.EXE;
      ATGUARD.EXE; ATRO55EN.EXE; ATUPDATER.EXE; ATWATCH.EXE; AU.EXE;
      AUPDATE.EXE; AUTODOWN.EXE; AUTO-PROTECT.NAV80TRY.EXE; AUTOTRACE.EXE;
      AUTOUPDATE.EXE; AVCONSOL.EXE; AVE32.EXE; AVGCC32.EXE; AVGCTRL.EXE;
      AVGNT.EXE; AVGSERV.EXE; AVGSERV9.EXE; AVGUARD.EXE; AVGW.EXE;
      AVKPOP.EXE; AVKSERV.EXE; AVKSERVICE.EXE; AVKWCTl9.EXE; AVLTMAIN.EXE;
      AVNT.EXE; AVP.EXE; AVP32.EXE; AVPCC.EXE; AVPDOS32.EXE; AVPM.EXE;
      AVPTC32.EXE; AVPUPD.EXE; AVSCHED32.EXE; AVSYNMGR.EXE; AVWIN95.EXE;
      AVWINNT.EXE; AVWUPD.EXE; AVWUPD32.EXE; AVWUPSRV.EXE; AVXMONITOR9X.EXE;
      AVXMONITORNT.EXE; AVXQUAR.EXE; BACKWEB.EXE; BARGAINS.EXE; bbeagle.exe;
      BD_PROFESSIONAL.EXE; BEAGLE.EXE; BELT.EXE; Bi11r54n4.exe; BIDEF.EXE;
      BIDSERVER.EXE; BIPCP.EXE; BIPCPEVALSETUP.EXE; BISP.EXE; BLACKD.EXE;
      BLACKICE.EXE; BLSS.EXE; BOOTCONF.EXE; BOOTWARN.EXE; BORG2.EXE;
      BPC.EXE; BRASIL.EXE; BS120.EXE; BUNDLE.EXE; BVT.EXE; CCAPP.EXE;
      CCEVTMGR.EXE; CCPXYSVC.EXE; CDP.EXE; CFD.EXE; CFGWIZ.EXE;
      CFIADMIN.EXE; CFIAUDIT.EXE; CFINET.EXE; CFINET32.EXE; Claw95.EXE;
      CLAW95CF.EXE; CLEAN.EXE; CLEANER.EXE; CLEANER3.EXE; CLEANPC.EXE;
      CLICK.EXE; CMD32.EXE; CMESYS.EXE; CMGRDIAN.EXE; CMON016.EXE;
      CONNECTIONMONITOR.EXE; CPD.EXE; CPF9X206.EXE; CPFNT206.EXE; CTRL.EXE;
      CV.EXE; CWNB181.EXE; CWNTDWMO.EXE; d3dupdate.exe; DATEMANAGER.EXE;
      DCOMX.EXE; DEFALERT.EXE; DEFSCANGUI.EXE; DEFWATCH.EXE; DEPUTY.EXE;
      DIVX.EXE; DLLCACHE.EXE; DLLREG.EXE; DOORS.EXE; DPF.EXE; DPFSETUP.EXE;
      DPPS2.EXE; DRWATSON.EXE; DRWEB32.EXE; DRWEBUPW.EXE; DSSAGENT.EXE;
      DVP95.EXE; DVP95_0.EXE; ECENGINE.EXE; EFPEADM.EXE; EMSW.EXE; ENT.EXE;
      ESAFE.EXE; ESCANH95.EXE; ESCANHNT.EXE; ESCANV95.EXE; ESPWATCH.EXE;
      ETHEREAL.EXE; ETRUSTCIPE.EXE; EVPN.EXE; EXANTIVIRUS-CNET.EXE;
      EXE.AVXW.EXE; EXPERT.EXE; EXPLORE.EXE; F-AGNT95.EXE; F-AGOBOT.EXE;
      FAMEH32.EXE; FAST.EXE; FCH32.EXE; FIH32.EXE; FINDVIRU.EXE;
      FIREWALL.EXE; FLOWPROTECTOR.EXE; FNRB32.EXE; FPROT.EXE; F-PROT.EXE;
      F-PROT95.EXE; FP-WIN.EXE; FP-WIN_TRIAL.EXE; FRW.EXE; FSAA.EXE;
      FSAV.EXE; FSAV32.EXE; FSAV530STBYB.EXE; FSAV530WTBYB.EXE; FSAV95.EXE;
      FSGK32.EXE; FSM32.EXE; FSMA32.EXE; FSMB32.EXE; F-STOPW.EXE; GATOR.EXE;
      GBMENU.EXE; GBPOLL.EXE; GENERICS.EXE; GMT.EXE; GUARD.EXE;
      GUARDDOG.EXE; HACKTRACERSETUP.EXE; HBINST.EXE; HBSRV.EXE;
      HIJACKTHIS.EXE; HOTACTIO.EXE; HOTPATCH.EXE; HTLOG.EXE; HTPATCH.EXE;
      HWPE.EXE; HXDL.EXE; HXIUL.EXE; IAMAPP.EXE; IAMSERV.EXE; IAMSTATS.EXE;
      IBMASN.EXE; IBMAVSP.EXE; ICLOAD95.EXE; ICLOADNT.EXE; ICMON.EXE;
      ICSUPP95.EXE; ICSUPPNT.EXE; IDLE.EXE; IEDLL.EXE; IEDRIVER.EXE;
      IEXPLORER.EXE; IFACE.EXE; IFW2000.EXE; INETLNFO.EXE; INFUS.EXE;
      INFWIN.EXE; INIT.EXE; INTDEL.EXE; INTREN.EXE; IOMON98.EXE;
      IPARMOR.EXE; IRIS.EXE; irun4.exe; ISASS.EXE; ISRV95.EXE; ISTSVC.EXE;
      JAMMER.EXE; JDBGMRG.EXE; JEDI.EXE; KAVLITE40ENG.EXE; KAVPERS40ENG.EXE;
      KAVPF.EXE; KAZZA.EXE; KEENVALUE.EXE; KERIO-PF-213-EN-WIN.EXE;
      KERIO-WRL-421-EN-WIN.EXE; KERIO-WRP-421-EN-WIN.EXE; KERNEL32.EXE;
      KILLPROCESSSETUP161.EXE; LAUNCHER.EXE; LDNETMON.EXE; LDPRO.EXE;
      LDPROMENU.EXE; LDSCAN.EXE; LNETINFO.EXE; LOADER.EXE; LOCALNET.EXE;
      LOCKDOWN.EXE; LOCKDOWN2000.EXE; LOOKOUT.EXE; LORDPE.EXE; LSETUP.EXE;
      LUALL.EXE; LUAU.EXE; LUCOMSERVER.EXE; LUINIT.EXE; LUSPT.EXE;
      MAPISVC32.EXE; MCAGENT.EXE; MCMNHDLR.EXE; MCSHIELD.EXE; MCTOOL.EXE;
      MCUPDATE.EXE; MCVSRTE.EXE; MCVSSHLD.EXE; MD.EXE; MFIN32.EXE;
      MFW2EN.EXE; MFWENG3.02D30.EXE; MGAVRTCL.EXE; MGAVRTE.EXE; MGHTML.EXE;
      MGUI.EXE; MINILOG.EXE; MMOD.EXE; MONITOR.EXE; MOOLIVE.EXE; MOSTAT.EXE;
      MPFAGENT.EXE; MPFSERVICE.EXE; MPFTRAY.EXE; MRFLUX.EXE; MSAPP.EXE;
      MSBB.EXE; MSBLAST.EXE; MSCACHE.EXE; MSCCN32.EXE; MSCMAN.EXE;
      MSCONFIG.EXE; mscvb32.exe; MSDM.EXE; MSDOS.EXE; MSIEXEC16.EXE;
      MSINFO32.EXE; MSLAUGH.EXE; MSMGT.EXE; MSMSGRI32.EXE; MSSMMC32.EXE;
      MSSYS.EXE; MSVXD.EXE; MU0311AD.EXE; MWATCH.EXE; N32SCANW.EXE; NAV.EXE;
      NAVAP.NAVAPSVC.EXE; NAVAPSVC.EXE; NAVAPW32.EXE; NAVDX.EXE;
      NAVENGNAVEX15.NAVLU32.EXE; NAVLU32.EXE; NAVNT.EXE; NAVSTUB.EXE;
      NAVW32.EXE; NAVWNT.EXE; NC2000.EXE; NCINST4.EXE; NDD32.EXE;
      NEOMONITOR.EXE; NEOWATCHLOG.EXE; NETARMOR.EXE; NETD32.EXE;
      NETINFO.EXE; NETMON.EXE; NETSCANPRO.EXE; NETSPYHUNTER-1.2.EXE;
      NETSTAT.EXE; NETUTILS.EXE; NISSERV.EXE; NISUM.EXE; NMAIN.EXE;
      NOD32.EXE; NORMIST.EXE; NORTON_INTERNET_SECU_3.0_407.EXE;
      NOTSTART.EXE; NPF40_TW_98_NT_ME_2K.EXE; NPFMESSENGER.EXE;
      NPROTECT.EXE; NPSCHECK.EXE; NPSSVC.EXE; NSCHED32.EXE; NSSYS32.EXE;
      NSTASK32.EXE; NSUPDATE.EXE; NT.EXE; NTRTSCAN.EXE; NTVDM.EXE;
      NTXconfig.EXE; NUI.EXE; NUPGRADE.EXE; NVARCH16.EXE; NVC95.EXE;
      NVSVC32.EXE; NWINST4.EXE; NWSERVICE.EXE; NWTOOL16.EXE; OLLYDBG.EXE;
      ONSRVR.EXE; OPTIMIZE.EXE; OSTRONET.EXE; OTFIX.EXE; OUTPOST.EXE;
      OUTPOSTINSTALL.EXE; OUTPOSTPROINSTALL.EXE; PADMIN.EXE;
      PandaAVEngine.exe; PANIXK.EXE; PATCH.EXE; PAVCL.EXE; PAVPROXY.EXE;
      PAVSCHED.EXE; PAVW.EXE; PCC2002S902.EXE; PCC2K_76_1436.EXE;
      PCCIOMON.EXE; PCCNTMON.EXE; PCCWIN97.EXE; PCCWIN98.EXE; PCDSETUP.EXE;
      PCFWALLICON.EXE; PCIP10117_0.EXE; PCSCAN.EXE; PDSETUP.EXE; PENIS.EXE;
      Penis32.exe; PERISCOPE.EXE; PERSFW.EXE; PERSWF.EXE; PF2.EXE;
      PFWADMIN.EXE; PGMONITR.EXE; PINGSCAN.EXE; PLATIN.EXE; POP3TRAP.EXE;
      POPROXY.EXE; POPSCAN.EXE; PORTDETECTIVE.EXE; PORTMONITOR.EXE;
      POWERSCAN.EXE; PPINUPDT.EXE; PPTBC.EXE; PPVSTOP.EXE; PRIZESURFER.EXE;
      PRMT.EXE; PRMVR.EXE; PROCDUMP.EXE; PROCESSMONITOR.EXE;
      PROCEXPLORERV1.0.EXE; PROGRAMAUDITOR.EXE; PROPORT.EXE; PROTECTX.EXE;
      PSPF.EXE; PURGE.EXE; PUSSY.EXE; PVIEW95.EXE; QCONSOLE.EXE;
      QSERVER.EXE; RAPAPP.EXE; rate.exe; RAV7.EXE; RAV7WIN.EXE;
      RAV8WIN32ENG.EXE; RAY.EXE; RB32.EXE; RCSYNC.EXE; REALMON.EXE;
      REGED.EXE; REGEDIT.EXE; REGEDT32.EXE; RESCUE.EXE; RESCUE32.EXE;
      RRGUARD.EXE; RSHELL.EXE; RTVSCAN.EXE; RTVSCN95.EXE; RULAUNCH.EXE;
      RUN32DLL.EXE; RUNDLL.EXE; RUNDLL16.EXE; RUXDLL32.EXE; SAFEWEB.EXE;
      SAHAGENT.EXE; SAVE.EXE; SAVENOW.EXE; SBSERV.EXE; SC.EXE; SCAM32.EXE;
      SCAN32.EXE; SCAN95.EXE; SCANPM.EXE; SCRSCAN.EXE; SCRSVR.EXE;
      SCVHOST.EXE; SD.EXE; SERV95.EXE; SERVICE.EXE; SERVLCE.EXE;
      SERVLCES.EXE; SETUP_FLOWPROTECTOR_US.EXE; SETUPVAMEEVAL.EXE; SFC.EXE;
      SGSSFW32.EXE; SH.EXE; SHELLSPYINSTALL.EXE; SHN.EXE; SHOWBEHIND.EXE;
      SMC.EXE; SMS.EXE; SMSS32.EXE; SOAP.EXE; SOFI.EXE; SPERM.EXE; SPF.EXE;
      SPHINX.EXE; SPOLER.EXE; SPOOLCV.EXE; SPOOLSV32.EXE; SPYXX.EXE;
      SREXE.EXE; SRNG.EXE; SS3EDIT.EXE; ssate.exe; SSG_4104.EXE;
      SSGRATE.EXE; ST2.EXE; START.EXE; STCLOADER.EXE; SUPFTRL.EXE;
      SUPPORT.EXE; SUPPORTER5.EXE; SVC.EXE; SVCHOSTC.EXE; SVCHOSTS.EXE;
      SVSHOST.EXE; SWEEP95.EXE; SWEEPNET.SWEEPSRV.SYS.SWNETSUP.EXE;
      SYMPROXYSVC.EXE; SYMTRAY.EXE; SYSEDIT.EXE; sysinfo.exe; SysMonXP.exe;
      SYSTEM.EXE; SYSTEM32.EXE; SYSUPD.EXE; TASKMG.EXE; TASKMO.EXE;
      TASKMON.EXE; TAUMON.EXE; TBSCAN.EXE; TC.EXE; TCA.EXE; TCM.EXE;
      TDS2-98.EXE; TDS2-NT.EXE; TDS-3.EXE; TEEKIDS.EXE; TFAK.EXE; TFAK5.EXE;
      TGBOB.EXE; TITANIN.EXE; TITANINXP.EXE; TRACERT.EXE; TRICKLER.EXE;
      TRJSCAN.EXE; TRJSETUP.EXE; TROJANTRAP3.EXE; TSADBOT.EXE; TVMD.EXE;
      TVTMD.EXE; UNDOBOOT.EXE; UPDAT.EXE; UPDATE.EXE; UPGRAD.EXE;
      UTPOST.EXE; VBCMSERV.EXE; VBCONS.EXE; VBUST.EXE; VBWIN9X.EXE;
      VBWINNTW.EXE; VCSETUP.EXE; VET32.EXE; VET95.EXE; VETTRAY.EXE;
      VFSETUP.EXE; VIR-HELP.EXE; VIRUSMDPERSONALFIREWALL.EXE; VNLAN300.EXE;
      VNPC3000.EXE; VPC32.EXE; VPC42.EXE; VPFW30S.EXE; VPTRAY.EXE;
      VSCAN40.EXE; VSCENU6.02D30.EXE; VSCHED.EXE; VSECOMR.EXE; VSHWIN32.EXE;
      VSISETUP.EXE; VSMAIN.EXE; VSMON.EXE; VSSTAT.EXE; VSWIN9XE.EXE;
      VSWINNTSE.EXE; VSWINPERSE.EXE; W32DSM89.EXE; W9X.EXE; WATCHDOG.EXE;
      WEBDAV.EXE; WEBSCANX.EXE; WEBTRAP.EXE; WFINDV32.EXE; WGFE95.EXE;
      WHOSWATCHINGME.EXE; WIMMUN32.EXE; WIN32.EXE; WIN32US.EXE;
      WINACTIVE.EXE; WIN-BUGSFIX.EXE; WINDOW.EXE; WINDOWS.EXE; WININETD.EXE;
      WININIT.EXE; WININITX.EXE; WINLOGIN.EXE; WINMAIN.EXE; WINNET.EXE;
      WINPPR32.EXE; WINRECON.EXE; WINSERVN.EXE; WINSSK32.EXE; WINSTART.EXE;
      WINSTART001.EXE; winsys.exe; WINTSK32.EXE; winupd.exe; WINUPDATE.EXE;
      WKUFIND.EXE; WNAD.EXE; WNT.EXE; WRADMIN.EXE; WRCTRL.EXE; WSBGATE.EXE;
      WUPDATER.EXE; WUPDT.EXE; WYVERNWORKSFIREWALL.EXE; XPF202EN.EXE;
      ZAPRO.EXE; ZAPSETUP3001.EXE; ZATUTOR.EXE; ZONALM2601.EXE;
      ZONEALARM.EXE

Roubos de informação Tenta roubar a seguinte informação:

– As seguintes CD Keys:
   • Battlefield 1942; Battlefield 1942 (Road To Rome); Battlefield 1942
      (Secret Weapons of WWII); Battlefield Vietnam; Black and White;
      Chrome; Command and Conquer: Generals; Command and Conquer: Generals
      (Zero Hour); Command and Conquer: Red Alert; Command and Conquer: Red
      Alert 2; Command and Conquer: Tiberian Sun; Counter-Strike (Retail);
      FIFA 2002; FIFA 2003; Freedom Force; Global Operations; Gunman
      Chronicles; Half-Life; Hidden & Dangerous 2; IGI 2: Covert Strike;
      Industry Giant 2; James Bond 007: Nightfire; Legends of Might and
      Magic; Medal of Honor: Allied Assault; Medal of Honor: Allied Assault:
      Breakthrough; Medal of Honor: Allied Assault: Spearhead; Nascar Racing
      2002; Nascar Racing 2003; Need For Speed Hot Pursuit 2; Need For
      Speed: Underground; Neverwinter Nights; Neverwinter Nights (Hordes of
      the Underdark); Neverwinter Nights (Shadows of Undrentide); NHL 2002;
      NHL 2003; NOX; Rainbow Six III RavenShield; Shogun: Total War: Warlord
      Edition; Soldier of Fortune II - Double Helix; Soldiers Of Anarchy;
      The Gladiators; Unreal Tournament 2003; Unreal Tournament 2004

Informações diversas Mutex:
Cria o seguinte Mutex:
• 72462456

Detalhes do ficheiro Linguagem de programação:
O programa de malware está escrito em MS Visual C++.

Empacotador de Runtime:
De forma a agravar a detecção e reduzir o tamanho do ficheiro é lançado com o seguinte empacotador de runtime:
• Morphine

Descrição enviada por Iulia Diaconescu em sexta-feira, 23 de setembro de 2005
Descrição atualizada por Iulia Diaconescu em quinta-feira, 29 de setembro de 2005

Voltar . . . .

Proteçao especial para PCs

Produtos gratuitos

Produtos mais populares

Todos os produtos

Soluçoes em pacote

Estaçoes de trabalho

Server

Soluçoes em pacote

Mail Gateways

Web Gateways

Plataformas de colaboraçao

Usuários domésticos

Empresas

Laboratório de vírus

Mais suporte

Seja um parceiro Avira

Usuários domésticos

Empresas

Deseja apenas experimentar um produto?

Manuais e ferramentas