DR/PSW.VB.JI - Dropper
Name: DR/PSW.VB.JI
Discovered on: 26/02/2007
Type: Dropper
ITW (in the wild): Yes
Number of reported infections: Low
Spreading potential: Low
Damage potential: Low
Static file: Yes
Size: 3.482.304 Bytes
MD5: a51e4cf019c203f7b5d56e673bb751e4
VDF version: 6.37.01.162
General
Method of propagation:
• Has no propagation routine of its own
Alias:
• Panda: Trj/Downloader.MDW
Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Creates files
• Creates a malware file
• Registry modifications
Files
Creates the following directory:
• %PROGRAM FILES%\ParentsFriend
The following files are created:
– Temporary files that can be deleted afterwards:
• %TEMPDIR%\INS%number%.tmp
• %TEMPDIR%\is-%random character combination%.tmp\SMRunApp.exe
– %SYSDIR%\comsysh.exe
– %PROGRAM FILES%\ParentsFriend\pfunzip.exe
– %SYSDIR%\Mswinsck.ocx
– %SYSDIR%\zip32.dll
– %SYSDIR%\unzip32.dll
– %PROGRAM FILES%\ParentsFriend\system.pfs
– %PROGRAM FILES%\ParentsFriend\noporno.pfs
– %PROGRAM FILES%\ParentsFriend\nodownload.pfs
– %PROGRAM FILES%\ParentsFriend\noinstall.pfs
– %SYSDIR%\PF.hlp
– %SYSDIR%\Tabctl32.ocx
– %SYSDIR%\beegd10.ocx
– %PROGRAM FILES%\ParentsFriend\regbeegd10.bat
– %SYSDIR%\winadmd.exe
– %SYSDIR%\winadmkill.exe
  The file is executed after it has been created. Further analysis revealed that this file is also malware. Detected as: TR/PSW.VB.JI
– %PROGRAM FILES%\ParentsFriend\pfadmin.exe
  The file is executed after it has been created. Further analysis revealed that this file is also malware. Detected as: TR/PSW.VB.JI
– %SYSDIR%\winadm.exe
– %SYSDIR%\winprogdel.exe
– %SYSDIR%\Msinet.ocx
– %SYSDIR%\Regsvr16.exe
System registry
The following keys are added to the system registry:
– [HKLM\Software\winadm]
• unins="%PROGRAM FILES%\ParentsFriend"
– [HKCR\StingaBeeGrid10.Grid]
• (Default)="Stinga BeeGrid Control (Icursor)"
– [HKCR\StingaBeeGrid10.Grid\CLSID]
• (Default)="{97BD7A13-77E0-11D2-8EAE-008048E27A77}"
– [HKCR\CLSID\{97BD7A13-77E0-11D2-8EAE-008048E27A77}\VersionIndependentProgID]
• (Default)="StingaBeeGrid10.Grid"
– [HKCR\CLSID\{97BD7A13-77E0-11D2-8EAE-008048E27A77}\InprocServer32]
• (Default)="%SYSDIR%\beegd10.ocx"
• ThreadingModel="Apartment"
– [HKCR\CLSID\{97BD7A13-77E0-11D2-8EAE-008048E27A77}\ToolboxBitmap32]
• (Default)="%SYSDIR%\beegd10.ocx, 1"
– [HKCR\TypeLib\{97BD7A05-77E0-11D2-8EAE-008048E27A77}\1.0\0\win32]
• (Default)="%SYSDIR%\beegd10.ocx"
– [HKCR\TypeLib\{97BD7A05-77E0-11D2-8EAE-008048E27A77}\1.0\HELPDIR]
• (Default)="%SYSDIR%\"
– [HKCR\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32]
• (Default)="%SYSDIR%\Msinet.ocx"
• ThreadingModel="Apartment"
– [HKCR\CLSID\{48E59295-9880-11CF-9754-00AA00C00908}]
• (Default)="Internet Control URL Property Page Object"
The following registry keys are modified:
– [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
New value:
• %SYSDIR%\comcat.dll=dword:00000004
– [HKCR\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0]
New value:
• (Default)="Microsoft Winsock Control 6.0 (SP4)"
– [HKCR\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32]
New value:
• (Default)="%SYSDIR%\Mswinsck.ocx"
– [HKCR\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR]
New value:
• (Default)="%SYSDIR%\"
– [HKCR\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32]
New value:
• (Default)="%SYSDIR%\stdole2.tlb"
– [HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs]
New value:
• %SYSDIR%\Mswinsck.ocx=dword:00000001
• %SYSDIR%\Msinet.ocx=dword:00000001
Description entered by Alexandru Dinu on Fri, 05 Oct 2007 10:42 (GMT+1)
Description updated by Alexandru Dinu on Fri, 05 Oct 2007 12:11 (GMT+1)
© 2008 Avira GmbH