需要修復電腦?
聘請專家
Virus:Worm/Vobfus.CE.13
Date discovered:07/06/2011
Type:Worm
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:270.336 Bytes
MD5 checksum:B210C5B2040B7AB2AEC57B4075BD2032
VDF version:7.11.09.67 - Tuesday, June 7, 2011
IVDF version:7.11.09.67 - Tuesday, June 7, 2011

 General Method of propagation:
   • Autorun feature


Aliases:
   •  TrendMicro: WORM_VOBFUS.SMHG
   •  Sophos: Mal/VB-XV
   •  Microsoft: Worm:Win32/Vobfus.CE


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Drops files
   • Lowers security settings
   • Registry modification

 Files It copies itself to the following location:
   • %HOME%\%random character string%.exe

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="C:\Documents and Settings\fred\%random character string%.exe /F"

 Backdoor Contact server:
The following:
   • **********.player1532.com:8000


 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with a runtime packer.

說明撰寫者 Andrei Ilie 開啟 2011年9月15日星期四
說明更新者 Andrei Ilie 開啟 2011年9月15日星期四

返回 . . . .

© 2013 Avira Operations GmbH & Co. KG. 保留所有權利.

我的帳戶

https:// 為了你的安全,此視窗已加密。