English
Deutsch
Español
Italian
Home
Virus Info
TR/Kebede.F
Search
Home
Support
Solutions
Products
Downloads
Virus Info
Statistics
Phishing Worldmap
VDF History
Virus Science
Submit Sample
Security News
Viruses In the Wild
Company
Press
Partners
Newsletter
TR/Kebede.F - Trojan
Ver também
Sumário
Descrição completa
Estatísticas
How would you rate this information?
Worthless
Excellent
Vírus
TR/Kebede.F
Data em que surgiu:
29/06/2005
Tipo:
Trojan
Incluído na lista "In The Wild"
Não
Nível de danos:
Baixo
Nível de distribuição:
Baixo
Nível de risco:
Alto
Ficheiro estático:
Sim
Tamanho:
12.304 Bytes
MD5 checksum:
d8b6aa4bf9ae89ca1eff5d86c4f45905
Versão VDF:
6.31.00.122
Vulgarmente
Meio de transmissão:
• Não tem rotinas de propagação
Alias:
• TrendMicro: TROJ_KEDEBE.E
• Bitdefender: Trojan.Vb.ZX
Sistemas Operativos:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Efeitos secundários:
• Bloqueia o acesso a determinados Web sites
• Baixa as definições de segurança
Ficheiros
Apaga ficheiros que contêm um dos textos seguintes:
• APLICA32
• APVXDWIN
• ATCON
• ATRO55EN
• AU
• AV
• BD_PROFESSIONAL
• BIDEF
• BIDSERVER
• BISP
• BLA
• BOOTWARN
• BORG2
• BS120
• CCAPP
• CLEAN
• CMD
• COMMAND
• CWNT
• DEPUTY
• DIAL
• DPF
• IFW2000
• DRWEBUPW
• EDIT
• ENT
• FAST
• FIREWALL
• FP-WIN_TRIAL
• FRW
• GBMENU
• GBPOLL
• GCAS
• GUARD
• HACKTRACERSETUP
• HIJACK
• HTLOG
• HWPE
• IAMAPP
• IAMSERV
• ICLOAD
• ICSSUPPNT
• ICSUPP95
• ICSUPPNT
• IPARMOR
• IRIS
• JAMMER
• KERIO
• LDPRO
• LLSSEV
• LOCALNET
• LOCKDOWN
• LSETUP
• LUALL
• LUCOMS
• MAIN
• MCA
• MGR
• MGUI
• MINILOG
• MON
• MOOLIVE
• MRFLUX
• MSCONFIG
• MSINFO32
• MSSMMC32
• MU0311AD
• NC2000
• NCINST4
• NDD32
• NETARMOR
• NETINFO
• NETSTAT
• NORTO
• MNTOR
• NTVDM
• NVARCH16
• NWINST4
• NWTOOL16
• OSTRONET
• OUTPOST
• PANIXK
• PC
• PDSETUP
• PERISCOPE
• PERSFW
• PF
• SHN
• PLATIN
• PORT
• PPINUPDT
• PPTBC
• PPVSTOP
• PROC
• PROTECT
• PROXY
• PSPF
• PURGE
• PVIEW95
• REG
• RESCUE
• RTVSCN95
• RULAUNCH
• SAFE
• SBSERV
• SCAN
• SD
• SETUPVAMEEVAL
• SGSSFW32
• SHELL
• SMSRSS
• SNDSRVC
• SOFI
• SOPHO
• SPBBCSVC
• SPF
• SPHINX
• SPY
• ST2
• STINGER
• SUPFTRL
• SYMA
• SYN
• TITANIN
• TRACERT
• TRJSETUP
• TROJAN
• UNDOBOOT
• UPDATE
• UPGRADE
• VIRUS
• ZON
Hospedeiros
O ficheiro hospedeiro sofre as seguintes alterações:
– Neste caso valores existentes serão alterados.
– O acesso aos seguintes domínios é bloqueado:
• symantec.com; www.symantec.com; www.microsoft.com; microsoft.com;
windowsupdate.com; securityresponse.symantec.com;
www.windowsupdate.com; sophos.com; www.sophos.com; mcafee.com;
definitions.symantec.com; networkassociates.com;
downloads-eu1.kaspersky-labs.com; downloads-us1.kaspersky-labs.com;
downloads4.kaspersky-labs.com; downloads3.kaspersky-labs.com;
downloads2.kaspersky-labs.com; downloads1.kaspersky-labs.com;
www.kaspersky.com; www.kaspersky-labs.com; download.mcafee.com;
updates.symantec.com; kaspersky.com; viruslist.com;
liveupdate.symantecliveupdate.com; www.f-secure.com; www.nai.com;
nai.com; trendmicro.com; www.download.com; download.com;
www.networkassociates.com; us.mcafee.com; www.zonelabs.com;
rads.mcafee.com; download.zonelabs.com; cm2.zonelabs.com; avp.com;
www.avp.com; update.zonelabs.com; www.mcafee.com; www.trendmicro.com;
dispatch.mcafee.com
O ficheiro hospedeiro (alterado) terá a seguinte aparência:
Terminar o processo
São terminados os processos com um dos seguintes textos:
• APLICA32; APVXDWIN; ATCON; ATRO55EN; AU; AV; BD_PROFESSIONAL; BIDEF;
BIDSERVER; BISP; BLA; BOOTWARN; BORG2; BS120; CCAPP; CLEAN; CMD;
COMMAND; CWNT; DEPUTY; DIAL; DPF; IFW2000; DRWEBUPW; EDIT; ENT; FAST;
FIREWALL; FP-WIN_TRIAL; FRW; GBMENU; GBPOLL; GCAS; GUARD;
HACKTRACERSETUP; HIJACK; HTLOG; HWPE; IAMAPP; IAMSERV; ICLOAD;
ICSSUPPNT; ICSUPP95; ICSUPPNT; IPARMOR; IRIS; JAMMER; KERIO; LDPRO;
LLSSEV; LOCALNET; LOCKDOWN; LSETUP; LUALL; LUCOMS; MAIN; MCA; MGR;
MGUI; MINILOG; MON; MOOLIVE; MRFLUX; MSCONFIG; MSINFO32; MSSMMC32;
MU0311AD; NC2000; NCINST4; NDD32; NETARMOR; NETINFO; NETSTAT; NORTO;
MNTOR; NTVDM; NVARCH16; NWINST4; NWTOOL16; OSTRONET; OUTPOST; PANIXK;
PC; PDSETUP; PERISCOPE; PERSFW; PF; SHN; PLATIN; PORT; PPINUPDT;
PPTBC; PPVSTOP; PROC; PROTECT; PROXY; PSPF; PURGE; PVIEW95; REG;
RESCUE; RTVSCN95; RULAUNCH; SAFE; SBSERV; SCAN; SD; SETUPVAMEEVAL;
SGSSFW32; SHELL; SMSRSS; SNDSRVC; SOFI; SOPHO; SPBBCSVC; SPF; SPHINX;
SPY; ST2; STINGER; SUPFTRL; SYMA; SYN; TITANIN; TRACERT; TRJSETUP;
TROJAN; UNDOBOOT; UPDATE; UPGRADE; VIRUS; ZON
Informações diversas
Mutex:
Cria o seguinte Mutex:
• DroppedKebede
Detalhes do ficheiro
Linguagem de programação:
Ficheiro escrito em Visual Basic.
Empacotador de Runtime:
De forma a agravar a detecção e reduzir o tamanho do ficheiro é lançado com o seguinte empacotador de runtime:
• UPX
Veja
aqui
uma breve descrição.
Descrição adicionada por Irina Boldea em Tue, 28 Mar 2006 10:09 (GMT+1)
Descrição adicionada por Irina Boldea em Tue, 28 Mar 2006 13:51 (GMT+1)
»
About Malware
»
About Phishing
»
Viruses In the Wild
« back
Print this page
TR/Crypt.CFI.Gen
W32/Elkern.C
Worm/Lovgate.W
Worm/Mytob.U
Worm/Klez.E
TR/Dldr.Exchanger.OQ
TR/Dldr.Small.but
TR/Kavimondas.B
TR/Dldr.Agent.73728
JS/Dldr.Iframe.BY
Get comfortable up to the minute info from Avira as
Detects and removes the following malware and its variants:
Worm/Sober.J
Worm/Sober.P
Worm/Sober.Y
W32/Stanit.A
Worm/NetSky.AA
Worm/NetSky.B.1
Worm/NetSky.C
Worm/Netsky.D.Dam
Worm/NetSky.P
Worm/NetSky.X
Worm/Mytob.IN.2
Worm/Mytob.KS
TR/Spy.Banker.AATZ
TR/Spy.Banker.AATZ.1
TR/Spy.Banker.AATZ.2
TR/Spy.Banker.AATZ.3
Download here
Click
here
to get the panel...
© 2008 Avira GmbH
Copyright
Privacy
Sitemap
Feedback
Imprint
FAQ
Contact
Virus Info TR/Kebede.F
Print this page
.gif)
