Нужен совет? Обратитесь за помощью к сообществу или специалистам.
Перейти к Avira Answers
Date discovered:12/10/2010
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:81.920 Bytes
MD5 checksum:1F8CD13341245588FC97E8F05C551E7E
VDF version:
IVDF version: - Tuesday, October 12, 2010

 General Method of propagation:
    Autorun feature

   •  Symantec: Backdoor.Sdbot
   •  Kaspersky: Trojan.Win32.Jorik.SdBot.fb
   •  TrendMicro: TROJ_JORIK.CIB
   •  Sophos: W32/SdBot-DPL
   •  Panda: Bck/Ircbot.CZZ

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7

Side effects:
   • Drops files
   • Lowers security settings
   • Registry modification

 Files It copies itself to the following location:
   • %WINDIR%\oldbin.exe

 Registry One of the following values is added in order to run the process after reboot:

   • "Ci Servs"="oldbin.exe"

 P2P In order to infect other systems in the Peer to Peer network community the following action is performed:   It searches for directories that contain the following substring:
   • emule\incoming

 IRC  Furthermore it has the ability to perform actions such as:
     connect to IRC server
    • Join IRC channel
    • Leave IRC channel

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • nice.niceshot.in

Anti debugging
It checks for running programs that contain one of the following strings:
   • tcpview
   • filemon
   • procmon

 File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Описание добавил Andrei Ilie в(о) вторник, 22 марта 2011 г.
Описание обновил Andrei Ilie в(о) среда, 23 марта 2011 г.

Назад . . . .
https:// Это окно зашифровано для вашей безопасности.