Virus: TR/Swisyn.ahql
Date discovered: 23/06/2010
Type: Trojan
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 520.704 Bytes
MD5 checksum: 003ca2e0074cc4ca379090b696bb5615
IVDF version: 7.10.08.180 - Wednesday, June 23, 2010

General
Aliases:
   •  Sophos: Mal/Behav-053
   •  Panda: Trj/Keylogger.GK
   •  Eset: Win32/Spy.KeyLogger.NDW


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Registry modification

Files
It copies itself to the following location:
   • %SYSDIR%\svchost.exe



The following file is created:

%SYSDIR%\keyS.txt

Registry
The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Svchost"="%SYSDIR%\svchost.exe"

Email
It doesn't have its own spreading routine but it has the ability to send an email. It is most likely that the receiver is the author. The characteristics are described below:


From:
The sender of the email is the following:
   • jfilho0001@yahoo.com.br


To:
The recipient of the email is the following:
   • tamcosta0001@yahoo.com.br


Attachment:

The attachment is a copy of the created file: %SYSDIR%\keyS.txt

Mailing
MX Server:
It has the ability to contact the MX server:
   • smtp.mail.yahoo.com

Stealing
It tries to steal the following information:
– Windows Product ID

File details
Programming language:
The malware program was written in Delphi.

Description inserted by Petre Galan on Thursday, November 4, 2010
Description updated by Petre Galan on Thursday, November 4, 2010
