TR/Dldr.TComBill.O - Trojan
Name: TR/Dldr.TComBill.O
Date discovered: 03/10/2006
Type: Trojan
Subtype: Downloader
In the wild: No
Reported infections: Low
Distribution potential: Low
Damage potential: Low to medium
Static file: Yes
File size: 20.992 Bytes
MD5: 2a36d74ac7f8a4cd7e3df11b5d84bd4e
VDF version: 6.36.00.49
IVDF version: 6.36.00.60
General
Method of propagation:
• No own spreading routine
Aliases:
• McAfee: Downloader-AAP
• Kaspersky: Trojan-Downloader.Win32.Nurech.b
• Sophos: Troj/Clagger-AD
• Eset: Win32/TrojanDownloader.Agent.UF
Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads a malicious file
• Drops a file
• Modifies the registry
Files
It copies itself to the following location:
• %SYSDIR%\ipf.exe
The following file is created:
– %SYSDIR%\drivers\winut.dat
This is a non-malicious text file containing a list of URLs.
It tries to download a file:
– The download locations are given as a list of URLs.
The file is stored on the hard disk at:
%SYSDIR%\drivers\winut.dat
In addition, this file is executed after it has been downloaded from the Internet. It may contain further download locations and may serve as a source of new threats.
Registry
One of the following values is added to the registry so that the process starts automatically after a reboot:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• "ifp"="%malware execution directory%\%executed file%"
The following is added to the registry:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion]
• "windowsshell"=dword:00000001
File details
Programming language:
The malware was written in C (compiled with Microsoft Visual C++).
Description inserted by Monica Ghitun on Tue, 03 Oct 2006 16:01 (GMT+1)
Description updated by Andrei Ivanes on Thu, 26 Oct 2006 10:45 (GMT+1)
© 2008 Avira GmbH