Worm/Hakaglan.B - Worm
Name: Worm/Hakaglan.B
Discovered on: 05/04/2007
Type: Worm
ITW (in the wild): Yes
Number of reported infections: Low
Distribution potential: Medium
Damage potential: Medium
Static file: Yes
Size: 268.216 Bytes
MD5: 0D94f594bca6d09ab3423b962da0e9df
IVDF version: 6.38.00.184
General
Methods of propagation:
• Mapped network drives
• Messenger
Aliases:
• Mcafee: Downloader-FL
• F-Secure: Worm.Win32.AutoIt.c
• Sophos: W32/SillyFDC-G
• Grisoft: Worm/Autoit.X
• Eset: Win32/Hakaglan.B
• Bitdefender: Win32.Worm.Sohanat.AB
Operating systems:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Lowers security settings
• Registry modifications
• Possibility of unauthorized access to the computer
Files
It copies itself to the following locations:
• %SYSDIR%\RVHOST.exe
• %WINDIR%\RVHOST.exe
• %drive%\New Folder.exe
The following file is created:
– %WINDIR%\tasks\At1.job The file is a scheduled task that runs the malware at predefined times.
Registry
The following registry key is added to run the process after the system restarts:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
• Yahoo Messengger = %SYSDIR%\RVHOST.exe
The following registry keys are changed:
– [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Old value:
• Shell = Explorer.exe
New value:
• Shell = Explorer.exe RVHOST.exe
– [HKLM\SYSTEM\CurrentControlSet\Services\Schedule]
New value:
• AtTaskMaxHours = 0
Disabling Regedit and Task Manager:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
New value:
• DisableTaskMgr = 1
• DisableRegistryTools = 1
Various Explorer settings:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
New value:
• NofolderOptions = 1
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares]
New value:
• shared = \\%computer name%\%drive%\New Folder.exe
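The registry values listed in this section can be checked against a registry export taken from a suspect machine. The Python below is an added example, not part of the vendor description; the function names, the labels and the sample export are assumptions made for illustration, and key paths are matched by suffix regardless of hive.

```python
import re
# (key path suffix, value name, test on normalised data, label); the values are
# taken from the registry section of this description, compared case-insensitively.
INDICATORS = [
    (r"\windows\currentversion\run", "yahoo messengger", lambda d: d.endswith("rvhost.exe"), "Run autostart"),
    (r"\windows nt\currentversion\winlogon", "shell", lambda d: "rvhost.exe" in d, "Winlogon Shell"),
    (r"\services\schedule", "attaskmaxhours", lambda d: d == "0", "AtTaskMaxHours"),
    (r"\policies\system", "disabletaskmgr", lambda d: d == "1", "DisableTaskMgr"),
    (r"\policies\system", "disableregistrytools", lambda d: d == "1", "DisableRegistryTools"),
    (r"\policies\explorer", "nofolderoptions", lambda d: d == "1", "NofolderOptions"),
    (r"\workgroupcrawler\shares", "shared", lambda d: d.endswith("new folder.exe"), "Crawler share"),
]
VALUE = re.compile(r'^"([^"]+)"=(.*)$')

def normalise(data):
    """Make .reg data comparable: dword becomes decimal, strings are unescaped and lowercased."""
    data = data.strip()
    if data.lower().startswith("dword:"):
        return str(int(data[6:], 16))
    return data.strip('"').replace("\\\\", "\\").lower()

def scan_reg_export(text):
    """Return the labels of every listed indicator found in reg-export style text."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # remember the current key path
        elif (m := VALUE.match(line)):
            name, data = m.group(1).lower(), normalise(m.group(2))
            findings += [label for suffix, vname, test, label in INDICATORS
                         if key.endswith(suffix) and name == vname and test(data)]
    return findings

# Constructed sample export (not from the page): three values altered as described, two clean.
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"="C:\\WINDOWS\\system32\\RVHOST.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe RVHOST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000
"""
if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `scan_reg_export`.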
Messenger
It spreads via Messenger. The characteristics are:
– Yahoo Messenger
To:
All online contacts in the contact list.
Message
The message sent is:
• %downloaded from the Internet%
Received messages may look like this:
Backdoor
Servers contacted:
The following:
• http://nhatquanglan2.0catch.com/**********
• http://nhatquanglan2.0catch.com/**********
• http://www.freewebs.com/nhattruongquang/**********
This is how remote control is obtained. The server's response is written to the file: %SYSDIR%\settings.ini
Remote control capabilities:
• Download a file
• Execute a file
• Spam-related
• Visit a website
Description inserted by Andrei Gherman on Fri, 14 Mar 2008 09:02 (GMT+1)
Description updated by Andrei Gherman on Fri, 14 Mar 2008 10:00 (GMT+1)
© 2009 Avira GmbH