需要修復電腦?
聘請專家
Virus:TR/Agent.AXSY.1
Date discovered:29/12/2012
Type:Trojan
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low to medium
Static file:No
File size:204.712 Bytes
VDF version:7.11.55.18 - Saturday, December 29, 2012
IVDF version:7.11.55.18 - Saturday, December 29, 2012

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan-Dropper.Win32.Injector.gvlp
   •  Sophos: Troj/Zbot-DHN
   •  Bitdefender: Trojan.Agent.AXSY
   •  Avast: Win32:Trojan-gen
   •  Microsoft: Trojan:Win32/Meredrop
   •  Grisoft: Dropper.Generic7.AEHP
   •  Eset: Win32/Kryptik.ARIS
   •  Sunbelt: Trojan.Win32.Generic!BT
   •  GData: Trojan.Agent.AXSY
   •  Norman: Trojan W32/Reveton.AN


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Registry modification

 Files The following file is created:

– Non malicious file:
   • %ALLUSERSPROFILE%\Anwendungsdaten\dsgsdgdsgdsgw_%random numbers%.pad

 Registry The following registry keys are changed:

– HKLM\SYSTEM\ControlSet001\Services\winmgmt\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
   New value:
   • "ServiceDll"="%malware execution directory%\%malware dll%"

– HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters
   Old value:
   • "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
   New value:
   • "ServiceDll"="%malware execution directory%\%malware dll%"

 Miscellaneous Trusted file pretending:
Its process pretends to be the following trusted process: nslookup.exe

說明撰寫者 Martin Muench 開啟 2012年12月30日星期日
說明更新者 Martin Muench 開啟 2012年12月30日星期日

返回 . . . .
https:// 為了你的安全,此視窗已加密。