Virus: TR/Agent.8789
Date discovered: 13/12/2012
Type: Trojan
In the wild:
Reported infections: Low
Distribution potential: Low
Damage potential: Low
Static file:
File size: 441.856 bytes
MD5 checksum: 77a31b24e8af16ea374ab06e7d2c1ba7
VDF version: 7.11.53.216 - Thursday, 13 December 2012
IVDF version: 7.11.53.216 - Thursday, 13 December 2012

General
Method of propagation:
   • Mapped network drives


Aliases:
   •  Kaspersky: Trojan.Win32.Cossta.jzp
   •  Microsoft: Trojan:Win32/Comame
   •  Panda: W32/SharedReply.A.worm
   •  Grisoft: Delf.TWA
   •  Eset: Win32/Delf.NGQ
   •  Norman: W32/NetworkWorm.QVM


Platforms / OS:
   • Windows XP
   • Windows Vista
   • Windows 7


Side effects:
   • Disables security applications
   • Registry modification

Files
It copies itself to the following locations:
   • %malware execution directory%\film.exe
   • C:\Documents and Settings\film.exe
   • %HOME%\film.exe
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\Explorer.exe
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup\xx.exe
   • %malware execution directory%\memari.exe
   • C:\Documents and Settings\memari.exe
   • %HOME%\memari.exe



It drops copies of itself using file names from a list:
– To: %drive% Using the following names:
   • film.exe
   • .exe
   • naqhshe.exe
   • Babylon.exe
   • good.exe
   • aks.exe
   • barname.exe
   • rahsazi.exe
   • c++.exe
   • project.exe
   • download.exe




The following files are deleted:
   • C:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • D:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • E:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • F:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • G:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • H:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • I:\Documents and Settings\All Users\Start Menu\Programs\McAfee\McAfee SecurityCenter.lnk
   • C:\Program Files\McAfee.com\Agent\mcagent.exe
   • D:\Program Files\McAfee.com\Agent\mcagent.exe
   • E:\Program Files\McAfee.com\Agent\mcagent.exe
   • F:\Program Files\McAfee.com\Agent\mcagent.exe
   • G:\Program Files\McAfee.com\Agent\mcagent.exe
   • H:\Program Files\McAfee.com\Agent\mcagent.exe
   • I:\Program Files\McAfee.com\Agent\mcagent.exe

Registry
One of the following registry values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "vi me"="%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Explorer.exe"

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "vi me"="%ALLUSERSPROFILE%\Start Menu\Programs\Startup\xx.exe"

File details
Programming language:
The malware program was written in Delphi.

Description inserted by Mihai Dilimot on Thursday, 24 February 2011
Description updated by Mihai Dilimot on Thursday, 24 February 2011
