Virus: TR/Agent.40960.177
Date discovered: 09/08/2010
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 40.960 Bytes
MD5 checksum: aea8d7c82c5f432a005c80a9ede32029
IVDF version: 7.10.10.125 - Monday, August 9, 2010

General:
Aliases:
   •  Kaspersky: Trojan.Win32.Siscos.acx
   •  F-Secure: Trojan.Win32.Siscos.acx
   •  Sophos: Troj/Siscos-A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Registry modification
   • Steals information

Files:
It copies itself to the following location:
   • %WINDIR%\services.exe

Registry:
– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Adobe Update Service"="%WINDIR%\services.exe"

Messenger:
It is spreading via Messenger. The characteristics are described below:

– Windows Live Messenger

IRC:
– Furthermore, it has the ability to perform the following action:
    • connect to IRC server

Backdoor:
Contact server:
The following:
   • zk.imageshak.biz:4507


Miscellaneous:
Checks for an Internet connection by contacting the following website:
   • http://cachefly.cachefly.net/1mb.test

File details:
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Irina Diaconescu on Thursday, October 28, 2010
Description updated by Irina Diaconescu on Wednesday, November 3, 2010
