Pigeon Trojan

Pigeon virus description
Technical details:
Categories: Trojan,Backdoor
Pigeon Aliases:
[Kaspersky]Backdoor.GrayBird.g,Backdoor.Win32.GrayBird.gw,Backdoor.Win32.Hupigon.gs,Backdoor.Win32.Hupigon.bsw,Backdoor.win32.Pigeon.gen,Backdoor.win32.Hupigon.bmq,Backdoor.Win32.Hupigon.akq,Backdoor.Win32.Hupigon.aei,Backdoor.Win32.Hupigon.bca,Backdoor.Win32.Hupigon.ui,Packed.Win32.PePatch.ba,Backdoor.Win32.Hupigon.akm,Backdoor.Win32.Hupigeon.ih,Backdoor.Win32.Hupigon.aj,Backdoor.Win32.Hupigon.cpb,Backdoor.Win32.Hupigon.dfl,Backdoor.Win32.Hupigon.si,Backdoor.Win32.Hupigon.dsj,Backdoor.Win32.Hupigon.cts,Backdoor.Win32.Hupigon.dhs,Backdoor.Win32.Hupigeon.bld,Backdoor.Win32.Hupigon.cwd,Backdoor.Win32.Hupigeon.apx,Backdoor.Win32.Hupigon.cda,Backdoor.Win32.Hupigon.brc,Backdoor.Grayburd,Backdoor.Win32.Hupigon.adt,Backdoor.Win32.Hupigon.dsx,Backdoor.Win32.Hupigon.afx,Trojan-Downloader.Win32.Delf.apy,Backdoor.Win32.Hupigon.dtp,Backdoor.Win32.Hupigon.cir,Trojan-PSW.Win32.OnLineGames.bm,Backdoor.Win32.Hupigeon.ich;
[Eset]Win32/GreyBird.G trojan;
[McAfee]Backdoor-SO,Backdoor-AVW,Backdoor-AWQ.b,Backdoor-AWQ,BackDoor-AWQ.b,BackDoor-AWQ.b.dldr,BackDoor-AWQ.dll,Backdoor-ARR,BackDoor-ALC;
[F-Prot]W32/Hupigon.EG,W32/Trojan-Hupigon-based!Maximus;
[Computer Associates]Backdoor/Pigeon,Win32.Pigeon.2003.b2;
[Other]BKDR_HUPIGON.GP,Troj/Feutel-I,Backdoor.Graybird.Q,Win32/Pigeon.EE,Win32/Pigeon.EK,Backdoor.Win32.Hupigon.brw,Backdoor.Graybird,Win32/Pigeon.EG,Win32/Pigeon.EB,Win32/Pigeon.EC,Backdoor.Hupigeon,Win32/Pigeon.EA,Win32/Pigeon.EM,Win32/Pigeon.EN,Backdoor.Graybird.K,Win32/Pigeon.DZ,Backdoor.Win32.Hupigeon.rf,Backdoor.Greybird,Win32/Malum.EKI,Win32/Pigeon.FJ,Win32/Pigeon.X!plugin,Win32/Pigeon.ED,Win32/Pigeon.GB,Win32/Pigeon.GD,W32/Hupigon.SOW,Win32/Pigeon.GK,Win32/Pigeon.GZ,W32/Hupigon.AUG,Troj/Hupigon-BT,Win32/Pigeon.GV,Backdoor.Trojan,W32/Hupigon.ABUS,Win32/Pigeon.HA,W32/Hupigon.ZDN,Win32/Pigeon.HG,Win32/Pigeon.IK,Win32/Pigeon.KH,Win32/Pigeon.KI,Win32/Pigeon.KY,Trojan.Dropper,Win32/Pigeon.LA,Win32/Pigeon.KV,Win32/Pigeon.KW,Win32/Pigeon.LJ,Win32/Pigeon.LK,Win32/Pigeon.NN,Win32/Pigeon.PP,TrojanDropper:Win32/Hupigon.gen!A,W32/Smalldoor.KXR,Win32/Pigeon.PU,Troj/Agent-FPZ,Win32/Pigeon.RY,Troj/Hupigon-SM,BKDR_HUPIGON.BTZ,Win32/Pigeon.SQ,Win32/Pigeon.SP,Win32/Pigeon.SN,Hupigon.gen110,Trojan.Graybird,Hupigon.gen.101,Backdoor:Win32/Hupigon!2AED,Infostealer.Gampass,Win32/Pigeon.YL,Win32/Pigeon.ZP

Pigeon Folders:
[%COMMON_PROGRAMS%]\gain
[%PROFILE_TEMP%]\fsg_tmp
[%PROGRAM_FILES_COMMON%]\cmeii
[%PROGRAM_FILES_COMMON%]\gmt
[%PROGRAM_FILES%]\popup blockade
[%WINDOWS%]\temp\adware
[%PROGRAM_FILES%]\common files\cmeii
[%PROGRAM_FILES%]\common files\gmt
[%PROGRAM_FILES%]\HllServer

Pigeon Files:
[%COMMON_PROGRAMS%]\GAIN Publishing\GAIN Publishing Web Site.URL
[%COMMON_PROGRAMS%]\GAIN(2)\GAIN Website.URL
[%PROGRAM_FILES%]\Messenger\svchost.exe
[%PROGRAM_FILES_COMMON%]\CMEII\CMESys.exe
[%PROGRAM_FILES_COMMON%]\CMEII\CMEUpd.exe
[%PROGRAM_FILES_COMMON%]\CMEII\GFormCTM.dll
[%PROGRAM_FILES_COMMON%]\CMEII\GSvcMgr.dll
[%PROGRAM_FILES_COMMON%]\CMEII\GSvcSAP.dll
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\1151.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\446.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\613.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\779.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\886.ga
[%PROGRAM_FILES_COMMON%]\GMT\EGGCEngine.dll
[%PROGRAM_FILES_COMMON%]\GMT\GMT.exe
[%PROGRAM_FILES_COMMON%]\GMT\GMT.exe.manifest
[%PROGRAM_FILES_COMMON%]\GMT\scripts\msn.com.esp
[%SYSTEM%]\icsxml\pcs\License.txt
[%SYSTEM%]\pcs\License.txt
[%SYSTEM%]\SVKP.sys
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%WINDOWS%]\gatorgaininstaller.log
[%WINDOWS%]\gatorhdplugin.log
[%WINDOWS%]\gatorpatch.log
[%WINDOWS%]\gatorpdpsetup.log
[%WINDOWS%]\G_Server2006.exe
[%WINDOWS%]\igator\trickler3103_pic_fs_dmpt_3103.exe
[%WINDOWS%]\winhlep.exe
[%PROGRAM_FILES%]\intel\svch0st.dll
[%PROGRAM_FILES%]\intel\svch0st.exe
[%PROGRAM_FILES%]\intel\svch0stkey.dll
[%PROGRAM_FILES%]\System\svchost.exe
[%SYSTEM%]\G_Server1.23.exe
[%SYSTEM%]\Loginc
[%SYSTEM%]\lyysys.dat
[%SYSTEM%]\rpc.exe
[%SYSTEM%]\ssme.txt
[%SYSTEM%]\sysligin.exe
[%SYSTEM%]\sysliginKey.DLL
[%WINDOWS%]\G_Server.dll
[%WINDOWS%]\G_Server.exe
[%WINDOWS%]\G_Server1.2.exe
[%WINDOWS%]\G_Server_Hook.dll
[%WINDOWS%]\Hacker.com.cn.exe
[%WINDOWS%]\Hacker.com.cn.ini
[%WINDOWS%]\system3.exe
[%WINDOWS%]\twintemp.exe
[%WINDOWS%]\vagaa.exe
[%WINDOWS%]\win32.dll
[%WINDOWS%]\windos.DLL
[%WINDOWS%]\windos.exe
[%WINDOWS%]\windos_HOOk.DLL
[%WINDOWS%]\windows_system32.exe
[%COMMON_PROGRAMS%]\GAIN Publishing\GAIN Publishing Web Site.URL
[%COMMON_PROGRAMS%]\GAIN(2)\GAIN Website.URL
[%PROGRAM_FILES%]\Messenger\svchost.exe
[%PROGRAM_FILES_COMMON%]\CMEII\CMESys.exe
[%PROGRAM_FILES_COMMON%]\CMEII\CMEUpd.exe
[%PROGRAM_FILES_COMMON%]\CMEII\GFormCTM.dll
[%PROGRAM_FILES_COMMON%]\CMEII\GSvcMgr.dll
[%PROGRAM_FILES_COMMON%]\CMEII\GSvcSAP.dll
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\1151.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\446.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\613.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\779.ga
[%PROGRAM_FILES_COMMON%]\GMT\2od6npa984\ga\886.ga
[%PROGRAM_FILES_COMMON%]\GMT\EGGCEngine.dll
[%PROGRAM_FILES_COMMON%]\GMT\GMT.exe
[%PROGRAM_FILES_COMMON%]\GMT\GMT.exe.manifest
[%PROGRAM_FILES_COMMON%]\GMT\scripts\msn.com.esp
[%SYSTEM%]\icsxml\pcs\License.txt
[%SYSTEM%]\pcs\License.txt
[%SYSTEM%]\SVKP.sys
[%SYSTEM%]\system.exe
[%SYSTEM%]\wintems.exe
[%WINDOWS%]\gatorgaininstaller.log
[%WINDOWS%]\gatorhdplugin.log
[%WINDOWS%]\gatorpatch.log
[%WINDOWS%]\gatorpdpsetup.log
[%WINDOWS%]\G_Server2006.exe
[%WINDOWS%]\igator\trickler3103_pic_fs_dmpt_3103.exe
[%WINDOWS%]\winhlep.exe
[%PROGRAM_FILES%]\intel\svch0st.dll
[%PROGRAM_FILES%]\intel\svch0st.exe
[%PROGRAM_FILES%]\intel\svch0stkey.dll
[%PROGRAM_FILES%]\System\svchost.exe
[%SYSTEM%]\G_Server1.23.exe
[%SYSTEM%]\Loginc
[%SYSTEM%]\lyysys.dat
[%SYSTEM%]\rpc.exe
[%SYSTEM%]\ssme.txt
[%SYSTEM%]\sysligin.exe
[%SYSTEM%]\sysliginKey.DLL
[%WINDOWS%]\G_Server.dll
[%WINDOWS%]\G_Server.exe
[%WINDOWS%]\G_Server1.2.exe
[%WINDOWS%]\G_Server_Hook.dll
[%WINDOWS%]\Hacker.com.cn.exe
[%WINDOWS%]\Hacker.com.cn.ini
[%WINDOWS%]\system3.exe
[%WINDOWS%]\twintemp.exe
[%WINDOWS%]\vagaa.exe
[%WINDOWS%]\win32.dll
[%WINDOWS%]\windos.DLL
[%WINDOWS%]\windos.exe
[%WINDOWS%]\windos_HOOk.DLL
[%WINDOWS%]\windows_system32.exe

Pigeon Registry Keys:
HKEY_CLASSES_ROOT\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{21ffb6c0-0da1-11d5-a9d5-00500413153c}
HKEY_LOCAL_MACHINE\software\gator.com
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_svkp
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windows
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winhelp
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\svkp
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winhelp
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_computer_browsercn
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_dbifsi
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_distributd_link_traking_cie
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_graypigeonserver1.23
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_graypigeon_hacker.com.cn
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_rising_auto_updating
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_system_ipsec_services
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_vista_xp___
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windows*00c6*00f4*00b6*00af*00b7*00fe*00ce*00f1
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windows_xp_vagaa____
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_windows_xp_vista________
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_winsysloginservise
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\computer browsercn
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\dbifsi
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\distributd link traking cie
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\graypigeonserver1.23
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\graypigeon_hacker.com.cn
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\portable media serial.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rapg
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\remote (rpc)
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\rising auto updating
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\system ipsec services
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows xp vagaa
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windows xp vista
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\windowsÆô¶¯·þÎñ
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winsysloginservise

Pigeon Registry Values:
HKEY_CLASSES_ROOT\mime\database\content type\application/aquatica
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\fileexts\.te\openwithlist
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popup blockade
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popup blockade
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\popup blockade
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gbserver\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gbserver\enum

Pigeon indications of infection

This symptoms of Pigeon detection are the files, registry, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial.Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also Download Free Trial Version of ExterminateIt! to check your your computer just NOW.

Also Be Aware of the Following Threats:
Starr Spyware Removal instruction
INF.Slogod Trojan Symptoms
Bancos.FWW Trojan Cleaner
Win32.PSW.Barrio Trojan Removal instruction

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)