Virus: TR/Click.Agent.HZ.16
Date discovered: 13/10/2006
Type: Trojan
In the wild: No
Damage potential: Low
Distribution potential: Low
Risk level: Medium
Static file: Yes
File size: 118.784 Bytes
MD5 checksum: 482a73ef74187a030343e803444209f7
VDF version: 6.36.00.101
IVDF version: 6.36.00.117 - Tuesday, 17 October 2006

General

Aliases:
• Kaspersky: Trojan-Clicker.Win32.Agent.hz
• Sophos: Troj/Agent-DMT
• Bitdefender: Trojan.Clicker.Agent.HZ

Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP

Side effects:
• Modifies the Windows registry
• Steals information

Registry

It registers a Browser Helper Object (BHO) by adding the following key to the Windows registry:

– HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14D1A72D-8705-11D8-B120-0040F46CB696}

The following keys are added to the registry:

– HKCU\Software\fid\keys

– HKCR\Bho_html.edit_html.1
• @="edit_html Class"

– HKCR\Bho_html.edit_html.1\CLSID
• @="{14D1A72D-8705-11D8-B120-0040F46CB696}"

– HKCR\Bho_html.edit_html
• @="edit_html Class"

– HKCR\Bho_html.edit_html\CLSID
• @="{14D1A72D-8705-11D8-B120-0040F46CB696}"

– HKCR\Bho_html.edit_html\CurVer
• @="Bho_html.edit_html.1"

– HKCR\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}
• @="edit_html Class"

– HKCR\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}\InprocServer32
• @=%malware execution directory%\%executed file%
• "ThreadingModel"="Apartment"

– HKCR\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}\ProgID
• @="Bho_html.edit_html.1"

– HKCR\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}\TypeLib
• @="{14D1A720-8705-11D8-B120-0040F46CB696}"

– HKCR\CLSID\{14D1A72D-8705-11D8-B120-0040F46CB696}\VersionIndependentProgID
• @="Bho_html.edit_html"

– HKCU\Software\Microsoft\Internet Explorer\Main
• "Enable Browser Extensions"="yes"

– HKCR\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}\1.0
• @="bho_html 1.0 Type Library"

– HKCR\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}\1.0\0\win32
• @=%malware execution directory%\%executed file%

– HKCR\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}\1.0\FLAGS
• @="0"

– HKCR\TypeLib\{14D1A720-8705-11D8-B120-0040F46CB696}\1.0\HELPDIR
• @=%malware execution directory%

– HKCR\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}
• @="Iedit_html"

– HKCR\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}\TypeLib
• @="{14D1A720-8705-11D8-B120-0040F46CB696}"
• "Version"="1.0"

– HKCR\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}\ProxyStubClsid
• @="{00020424-0000-0000-C000-000000000046}"

– HKCR\Interface\{14D1A72C-8705-11D8-B120-0040F46CB696}\ProxyStubClsid32
• @="{00020424-0000-0000-C000-000000000046}"

Backdoor

Contacts the server:
The following:
• http://nepogod.com/**********

As a result, it may send some information.

Information theft

– A logging routine is started after visiting a website:
• yahoo.com

– A logging routine is started after visiting a website whose URL contains the following text:
• google

– It captures:
• Keystrokes

File details

Programming language:
The malware program is written in MS Visual C++.

Description submitted by Bogdan Iliuta on Monday, 4 December 2006