Date discovered: 02/03/2006
In the wild: Yes
Reported Infections: Medium
Distribution Potential: Medium to high
Damage Potential: Low to medium
Static file: Yes
File size: 180.224 Bytes
MD5 checksum: 066e35aed18f9a36a8bc18cff3a87333
VDF version:
IVDF version: - Friday, March 3, 2006

General
Methods of propagation:
   • Autorun feature
   • Mapped network drives

Aliases:
   •  Symantec: W32.Gammima.AG
   •  Kaspersky: Worm.Win32.AutoRun.bqls
   •  TrendMicro: TSPY_ONLINEG.QLM
   •  Panda: W32/Lineage.LNY.worm

The file works interdependently with these components:
   •  TR/GameThief.B

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

Files
It copies itself to the following locations:
   • %tempdir%\apiqq.exe
   • %drive%\lpl.exe

It deletes the initially executed copy of itself.

The following files are created:

– %drive%\autorun.inf This is a non-malicious text file with the following content:
   • %code that runs malware%

– %tempdir%\apiqq0.dll Detected as: TR/GameThief.B

Registry
The following registry key is changed:

Various Explorer settings:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   New value:
   • "CheckedValue"=dword:00000000

Stealing
It tries to steal the following information:

– The password from the following program:
   • Dofus

Injection
– It injects itself into a process.

    Process name:
   • explorer.exe

File details
Runtime packer:
To hinder detection and reduce the size of the file, it is packed with the following runtime packer:
   • ASPack

Description inserted by Andrei Ilie on Wednesday, February 2, 2011
Description updated by Andrei Ilie on Tuesday, February 15, 2011
