Virus: TR/Spy.ZBot.alw
Date discovered: 14/06/2013
Type: Trojan
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: No
VDF version: 7.11.84.160 - Friday, June 14, 2013
IVDF version: 7.11.84.160 - Friday, June 14, 2013

General

Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Yakes.cvkr
   •  TrendMicro: Trojan.Rent.14
   •  Sophos: Troj/Matsnu-AI
   •  Eset: Win32/Trustezeb.C


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7


Side effects:
   • Drops a malicious file
   • Registry modification
   • Steals information

Files

It copies itself to the following location:
   • %TEMPDIR%\%random character string%.pre



It deletes the initially executed copy of itself.



It deletes the following file:
   • %TEMPDIR%\%random character string%.pre



The following file is created:

– %HOME%\%random character string%\%random character string%.exe
   It is executed once it has been fully created. Further investigation showed that this file is also malware.

Registry

The following registry key is added in order to run the process after reboot:

– [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "%random character string%"="%HOME%\%random character string%\%random character string%.exe"

Injection

– It injects the following file into a process: ctfmon.exe

Description inserted by: Alexander Bauer on Saturday, June 15, 2013
Description updated by: Alexander Bauer on Saturday, June 15, 2013
