Нужен совет? Обратитесь за помощью к сообществу или специалистам.
Перейти к Avira Answers
Date discovered:13/06/2011
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
File size:228.435 Bytes
MD5 checksum:1FC2553E16E1F9599AF24E4F1AEE8CF1
VDF version: - Monday, June 13, 2011
IVDF version: - Monday, June 13, 2011

 General Method of propagation:
   • No own spreading routine

   •  Mcafee: Ainslot.b
   •  Kaspersky: Trojan.Win32.Jorik.Shakblades.rv
   •  TrendMicro: TROJ_JORIK.WRF
   •  Sophos: Mal/Ainslot-B
     Microsoft: Worm:Win32/Ainslot.A

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7

Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following location:
   • %APPDATA%\svchost.exe

The following file is created:

%APPDATA%\data.dat Contains parameters used by the malware.

 Registry To each registry key one of the values is added in order to run the processes after reboot:

   • "svchost"="%APPDATA%\svchost.exe"

   • "svchost"="%APPDATA%\svchost.exe"

   • "svchost"="%APPDATA%\svchost.exe"

The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
   • "StubPath"="%APPDATA%\svchost.exe"

[HKCU\Software\Microsoft\Active Setup\Installed Components\
   • "StubPath"="%APPDATA%\svchost.exe"

 Injection It injects itself as a remote thread into a process.

    Process name:
   • explorer.exe

 Miscellaneous Accesses internet resources:
   • blackxpazit.no-ip.biz

 File details Programming language:
The malware program was written in MS Visual C++.

Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

Описание добавил Andrei Ilie в(о) среда, 27 июля 2011 г.
Описание обновил Andrei Ilie в(о) среда, 27 июля 2011 г.

Назад . . . .
https:// Это окно зашифровано для вашей безопасности.