Virus: BDS/DsBot.anq
Date discovered: 25/05/2010
Type: Backdoor Server
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 38.400 Bytes
MD5 checksum: f7ba200b5c27f5b1dc129678a3422c48
IVDF version: 7.10.07.165 - Tuesday, May 25, 2010

General

Aliases:
   •  Bitdefender: Backdoor.Bot.122621
   •  Panda: Bck/Sdbot.MEW
   •  Eset: Win32/AutoRun.IRCBot.FC


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads malicious files

Files

It deletes the initially executed copy of itself.



It deletes the following file:
   • %TEMPDIR%\removeMe%number%.bat



The following file is created:

   • %TEMPDIR%\removeMe%number%.bat
     It is executed once it has been fully created. This batch file is used to delete a file.



It tries to download some files:

– The locations are the following:
   • http://210.197.72.121/~mana_/**********
   • http://www21.big.or.jp/~mana_/**********


– The location is the following:
   • http://rain.prohosting.com/cleine1/cgi-bin/**********


– The location is the following:
   • http://cgi.break.power.ne.jp/check/**********


– The location is the following:
   • http://www.maybefind.com/**********


– The location is the following:
   • http://www.worldandsearch.com/cgi-bin/**********


– The location is the following:
   • http://www.moneyppc.com/cgi-bin/**********




It tries to execute the following file:

– Filename:
   • cmd /c ""%TEMPDIR%\removeMe%number%.bat" "

File details

Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Petre Galan on Tuesday, September 21, 2010
Description updated by Petre Galan on Monday, September 27, 2010
