TR/NSAnti.B.7 - Trojan
Name: TR/NSAnti.B.7
Discovered on: 29/07/2006
Type: Trojan
ITW: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low to medium
Static file: Yes
Size: 42.102 Bytes
MD5: caf96db786db731ed89d4ec7a7596ea5
VDF version: 6.35.01.20
IVDF version: 6.35.01.20
General
• Symantec: Trojan.PWS.QQPass
• TrendMicro: TSPY_QQPASS.QM
• Bitdefender: Trojan.NSAnti.B
Operating system:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows ME
Side effects:
• Creates a file
• Creates a malicious file
• Records keystrokes
• Registry modifications
• Steals information
Files
It copies itself to the following location:
• %PROGRAM FILES%\Internet Explorer\PLUGINS\system.jmp
It deletes the following files:
• %WINDIR%\DESKTOP\WODEXIAOSHIHOUCHAONAORENXINGDESHIHOU
• %WINDIR%\DESKTOP\WAIOZONGSHICHANGGEHONGWONAHSOUGEHAOXIANGZHEYANGCHANGDEWODEGUXIANGZAIYUANFANG
• %WINDIR%\DESKTOP\TIANHEIHEITIOOTIANTIANDOUYAONIAIWODEXINSIYOUNICAIBUYAOWENWOCONGNALILAI
• %WINDIR%\DESKTOP\NPKCRYPT.SYS
The following file is created:
– %PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys
Further analysis showed that this file is also malware. Detected as: TR/PSW.QQRob.GD
Registry
– HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks
• "{C9953583-932E-4EA1-A04B-4523AAB72C30}"=""
The following is added to the registry:
– HKCR\CLSID\{C9953583-932E-4EA1-A04B-4523AAB72C30}\InProcServer32
• "Default"="%PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys"
• "ThreadingModel"="Apartment"
Backdoor
Sends information about:
• Stored passwords
Injecting malicious code into other processes
– It injects the following file into a process:
%PROGRAM FILES%\Internet Explorer\PLUGINS\system.sys
– It injects itself as a remote thread into a process.
Process name:
• %all active processes%
File details
Programming language:
Programming language used: Delphi.
Description added by Bogdan Iliuta on Wed, 09 Aug 2006 12:26 (GMT+1)
Description updated by Andrei Ivanes on Mon, 14 Aug 2006 16:19 (GMT+1)
© 2008 Avira GmbH