TR/Dldr.Bagle.bes - Trojan
Name: TR/Dldr.Bagle.bes
Date discovered: 30/09/2009
Type: Trojan
Subtype: Downloader
In the wild: Yes
Reported infections: Low to medium
Distribution potential: Low to medium
Damage potential: Medium
Static file: Yes
File size: 843,776 bytes
MD5 checksum: e43ad19f1304b3108ee05fcd1ac93263
IVDF version: 7.01.06.59 - Wed, 30 Sep 2009 16:27 (GMT+1)
General
Aliases:
• Mcafee: W32/Bagle.dldr
• Sophos: Mal/Generic-A
• Panda: W32/Bagle.KV.worm
• Eset: Win32/Bagle.TC
• Bitdefender: Trojan.Generic.2615531
Operating systems:
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads malicious files
• Creates malicious files
• Modifies the registry
Files
The following files are created:
– C:\Documents and Settings\Administrator\Application Data\drivers\winupgro.exe
– C:\Documents and Settings\Administrator\Application Data\drivers\flec005.exe
– C:\Documents and Settings\Administrator\Application Data\drivers\wfsintwq.sys
– C:\Documents and Settings\Administrator\Application Data\drivers\srosa2.sys
It attempts to download the following files:
– The URLs are as follows:
At the time of analysis this file was not available.
Registry
The following registry keys are added:
– [HKCU\Software\bisoft]
• "frstrunn"=dword:0x00000001
– [HKLM\SOFTWARE\Microsoft\Windows\Security Center\Svc]
• "EnableLUA"=dword:0x00000016
The following registry key is changed:
– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
New value:
• "EnableLUA"=dword:0x00000000
Process termination
List of processes that are terminated:
File details
Runtime packer:
To make detection more difficult and to reduce the size of the file, it was packed with the following runtime packer:
• Themida
Description created by Petre Galan on Wed, 03 Feb 2010 19:14 (GMT+1)
Description updated by Petre Galan on Thu, 04 Feb 2010 17:01 (GMT+1)
© 2010 Avira GmbH