Technical details:
Categories: Trojan, Backdoor, DoS
[Kaspersky]Backdoor.FlyAgent.a,Trojan.VBS.Lava,Trojan.Win32.VB.hs,TrojanDropper.DOS.Mypic,Backdoor.Netbus.160.a,Trojan.Win32.StartPage.ix,Trojan.BAT.Nonstop.a,TrojanDownloader.Win32.Small.al,TrojanDownloader.Win32.Turown.a,TrojanDownloader.Win32.Wintrim.az,TrojanDownloader.Win32.Wintrim.bu,TrojanDownloader.Win32.Agent.ad,TrojanDownloader.Win32.Wintrim.ba,Backdoor.Xeol.a,Trojan.VBS.Lamping,Backdoor.Thunk.e,Trojan.Win32.StartPage.np,Trojan-Downloader.Win32.IstBar.gen,Trojan.Win32.Small.i,TrojanProxy.Win32.Delf.h;
[Eset]Win32/Flyagent.A trojan,Mypic trojan,Win32/TrojanDownloader.Wintrim.BU trojan,Win32/TrojanDownloader.Agent.AD trojan,Win32/TrojanDownloader.Wintrim.BA trojan,IRC/Mimic.B trojan,Win32/Thunk.E trojan,Win32/TrojanDownloader.Wintrim.AC trojan;
[McAfee]NetBusPro.dr,Netbus,Bat/tf;
[F-Prot]destructive program,W32/NetBus.backdoor.567296;
[Panda]BAT/Muma,VBS/Trojan.Lava,Trj/NotepaDLL.A,Trj/DOS.Mypic,Trj/Passer.J,Trj/Netbus.160,Trj/StartPage.FH,Trojan Horse.LC,Adware/Look2Me,Dialer.LS,Dialer.B,Trj/Legmir.gen,Trj/StartPage.EB,Spyware/Omi,W32/Randon.CL.worm;
[Computer Associates]VBS/BackdoorPing!Trojan,VBS/BackdoorPing.Trojan,VBS.DoS.Soldier,Backdoor/FlyAgent,Win32.FlyAgent.A,VBS/Dome!Worm,VBS.Dome,Win32/DllFlood!Trojan,Win32.DllFlood.A,MyPics!Dropper,MyPics.Dropper,Bat/Flood.C!Trojan,BAT.IRCFlood,Backdoor/Netbus!Server,Win32.Netbus.160,Bat/Lameness!Trojan,BAT.Nonstop.A,Win32/SearchBar.sb!Downloader,Win32.Startpage.JK!downloader,Win32/StartPage.JG!DLL!Trojan,Win32.Startpage.JG,Win32/Wintrim.BU!Trojan,Win32.Wintrim.AO,Win32/Lemir.27220!DLL!Trojan,Win32.Lemir.BD,Win32/DlMersting.CG!Trojan,Win32.Startpage.FZ
VBS.BackdoorPing Files:
[%PROFILE_TEMP%]\ICD1.tmp\SearchInstall3.exe
[%PROFILE_TEMP%]\ICD3.tmp\SearchInstall3.exe
[%SYSTEM%]\dailytoolbar.dll
[%SYSTEM%]\msedpb.exe
[%SYSTEM%]\x.bat
[%SYSTEM%]\___synmgr.exe
[%WINDOWS%]\Downloaded Program Files\OSD1C03.OSD
[%WINDOWS%]\___n.EXE
VBS.BackdoorPing Registry Keys:
HKEY_CLASSES_ROOT\appid\{951b3138-ae8e-4676-a05a-250a5f111631}
HKEY_CLASSES_ROOT\CLSID\{58F9B276-E1CC-458e-8159-21CBC021874B}
HKEY_CLASSES_ROOT\CLSID\{8333C319-0669-4893-A418-F56D9249FCA6}
HKEY_CLASSES_ROOT\dailytoolbar.ieband
HKEY_CLASSES_ROOT\dailytoolbar.sysmgr
HKEY_CLASSES_ROOT\ietoolbar.affiliatectl
HKEY_CLASSES_ROOT\interface\{10195311-e434-47a9-adba-48839e3f7e4e}
HKEY_CLASSES_ROOT\interface\{abafa0b4-f78d-42e5-8c31-1a441d01c1df}
HKEY_CURRENT_USER\software\nix solutions\dailytoolbar
HKEY_LOCAL_MACHINE\software\classes\clsid\{8333c319-0669-4893-a418-f56d9249fca6}
HKEY_LOCAL_MACHINE\SOFTWARE\DailyToolbar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\dailytoolbar
HKEY_LOCAL_MACHINE\software\nix solutions\dailytoolbar
VBS.BackdoorPing indications of infection
The symptoms of a VBS.BackdoorPing infection are the files, registry keys, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.