Нужен совет? Обратитесь за помощью к сообществу или специалистам.
Перейти к Avira Answers
Alias:I-Worm.Tanatos.a, PWS-Hooker.dll, PWS. Hooker.Trojaner
Type:Worm 
Size:29,020 Bytes 
Origin: 
Date:00-00-0000 
Damage:Sent by email, Keylogger function. 
VDF Version:  
Danger:Low 
Distribution:Low 

DistributionThe worm searches for email addresses in all files of type "*.asp" and "*.ht*". It replies to the unread emails in Outlook. It also sends itself to all email addresses found on the system. The worm activates itself without the email to be opened. The email it sends, looks like this:

From:
" Anna"
"JUDY"
"Rita Tulliani"
"Tina"
"Kelly Andersen"
"Andy"
"Linda"
"Mon S"
"Joanna"
"JESSICA BENAVIDES"
" Administrator"
" Admin"
"Support"
"Monika Prado"
"Mary L. Adams"

Subject: usually "Re:"

Body: empty

Attachment:
Card.DOC.pif
docs.DOC.pif
fun.MP3.pif
HAMSTER.DOC.pif
Humor.MP3.scr
images.DOC.pif
info.DOC.scr
Me_nude.MP3.scr
New_Napster_Site.MP3.pif
news_doc.DOC.scr
Pics.DOC.scr
README.MP3.scr
S3MSONG.DOC.scr
SEARCHURL.MP3.pif
SETUP.DOC.scr
Sorry_about_yesterday.MP3.pif
stuff.MP3.pif
YOU_are_FAT!.MP3.scr

Technical DetailsWorm/BugBear.2 inserts a keylogger function into the system directory, named KDLL.DLL. This Trojan tries to collect personal information and to send it to the author by email.
When activated, the worm copies itself in Windows system directory as KERNEL32.EXE and makes the following registry entry, for automatic start:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunOnce\kernel32=kernel32.exe
Описание добавил Crony Walker в(о) вторник, 15 июня 2004 г.

Назад . . . .
https:// Это окно зашифровано для вашей безопасности.