Details:
Installation
This Trojan drops the following file(s)/component(s):
- %Current%\6EEB4AC9-93D5-4F30-86B1-23DA3C491E87.EXE
- %User Temp%\bcdp.bat
(Note: %Current% is the folder where this malware is located. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)
It executes the following file(s)/component(s):
(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)
Other Details
This Trojan deletes itself after execution.
- The executable "%Current%\6eeb4ac9-93d5-4f30-86b1-23da3c491e87.exe" removes itself once executed.
It uses the following sets of strings, which may be related to HOSTS file modification, downloading, sending of information, and other possibly malicious routines:
- .COM;.EXE;.BAT;.CMD
- .COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS
- .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
- div.innerHTML = "Alert! Windows has been detected malware installation attempt from <a href=\"#\">"+document.location.hostname+"</a>. Please click this bar to register your antivirus software.";
- div3.innerHTML += "<style>.fixed {position:relative;top:expression(document.getElementsByTagName(body)[0].scrollTop + px);top:-22px;zoom:0;} .activex {background:#ffffe1;height:18px;font-family:Tahoma;font-size:11px;padding:4px 20px 4px 24px;overflow-x:hidden;} .close {position:absolute;left:100%;display:block;width:30px;height:18px;margin:-1px 0 -17px -25px;background:url(http://www.{BLOCKED}eprotector2008.com/pr/close.gif) no-repeat top center;z-index:100;} .alarm {position:absolute;display:block;width:19px;height:21px;background:url(http://www.malwareprotector2008.com/pr/alarm.png) no-repeat top left;z-index:100;}</style>";
- Spyware and viruses are harmful to the system. Therefore you can lose all important data, so your personal information as credit cards, access to bank accounts can be transferred to the
- To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
- We recommended you to activate the antivirus software installed on the computer.
Affected Platforms
This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.