Virus: TR/Spy.ZBot.IE.3
Date discovered: 28/09/2010
Type: Trojan
In the wild: Yes
Reported Infections: Low to medium
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 104.941 Bytes
MD5 checksum: d4d7655ee338c61021bd8d1f03d4605f
VDF version: 7.10.05.104
IVDF version: 7.10.12.56 - Tuesday, September 28, 2010

General

Aliases:
   •  Mcafee: PWS-Zbot.gen.ab
   •  Kaspersky: Trojan-GameThief.Win32.Taworm.fra
   •  Sophos: Troj/PWS-BOD
   •  Bitdefender: Worm.Generic.276630
   •  GData: Worm.Generic.276630


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops malicious files
   • Registry modification

Files

It copies itself to the following location:
   • %SYSDIR%\%five-digit random character string%.exe

Registry

The value of the following registry key is removed:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL]
   • SystemMgr



The following registry key is added:

– [HKCU\Software\Microsoft\Internet Explorer\Main]
   • "TabProcGrowth"=dword:0x00000000

File details

Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with a runtime packer.

Description inserted by Petre Galan on Friday, March 18, 2011
Description updated by Petre Galan on Friday, March 18, 2011
