Trojan.Siggen6.30429
Added to the Dr.Web virus database: 2015-02-17
Description added: 2015-02-17
Technical Information
To ensure autorun and distribution:
Creates the following services:
[<HKLM>\SYSTEM\ControlSet001\Services\MSNDSRV] 'Start' = '00000002'
(A Start value of 2 is SERVICE_AUTO_START: the MSNDSRV service, and with it the dropped driver of the same name, <DRIVERS>\MSNDSRV.SYS, is loaded automatically at every boot.)
Malicious functions:
Creates and executes the following:
'<SYSTEM32>\MSCFG32.EXE'
'<SYSTEM32>\MSDIRECTX.EXE'
'<SYSTEM32>\msnadt.exe'
Executes the following:
'<SYSTEM32>\cmd.exe' /c %TEMP%\INSTV3.BAT
'<SYSTEM32>\attrib.exe' -r "<SYSTEM32>\msnadt.exe"
'<SYSTEM32>\cmd.exe' /c %TEMP%\INSTV4.BAT
Hooks the following functions in the System Service Descriptor Table (SSDT). Hooking at this level requires kernel-mode code, consistent with the dropped driver <DRIVERS>\MSNDSRV.SYS registered as the MSNDSRV service above; a rootkit positioned here can filter the results that user-mode tools receive for process, file and registry queries. The hooked services are:
NtReleaseSemaphore, handler: unknown
NtRemoveIoCompletion, handler: unknown
NtRegisterThreadTerminatePort, handler: unknown
NtReleaseMutant, handler: unknown
NtReplaceKey, handler: unknown
NtReplyPort, handler: unknown
NtRemoveProcessDebug, handler: unknown
NtRenameKey, handler: unknown
NtReadVirtualMemory, handler: unknown
NtQueueApcThread, handler: unknown
NtRaiseException, handler: unknown
NtQueryVirtualMemory, handler: unknown
NtQueryVolumeInformationFile, handler: unknown
NtReadFileScatter, handler: unknown
NtReadRequestData, handler: unknown
NtRaiseHardError, handler: unknown
NtReadFile, handler: unknown
NtReplyWaitReceivePort, handler: unknown
NtSaveKey, handler: unknown
NtSaveKeyEx, handler: unknown
NtResumeProcess, handler: unknown
NtResumeThread, handler: unknown
NtSetBootEntryOrder, handler: unknown
NtSetBootOptions, handler: unknown
NtSaveMergedKeys, handler: unknown
NtSecureConnectPort, handler: unknown
NtRestoreKey, handler: unknown
NtRequestDeviceWakeup, handler: unknown
NtRequestPort, handler: unknown
NtReplyWaitReceivePortEx, handler: unknown
NtReplyWaitReplyPort, handler: unknown
NtResetEvent, handler: unknown
NtResetWriteWatch, handler: unknown
NtRequestWaitReplyPort, handler: unknown
NtRequestWakeupLatency, handler: unknown
NtQueryValueKey, handler: unknown
NtQueryInformationPort, handler: unknown
NtQueryInformationProcess, handler: unknown
NtQueryInformationFile, handler: unknown
NtQueryInformationJobObject, handler: unknown
NtQueryInstallUILanguage, handler: unknown
NtQueryIntervalProfile, handler: unknown
NtQueryInformationThread, handler: unknown
NtQueryInformationToken, handler: unknown
NtQueryInformationAtom, handler: unknown
NtQueryDefaultUILanguage, handler: unknown
NtQueryDirectoryFile, handler: unknown
NtQueryDebugFilterState, handler: unknown
NtQueryDefaultLocale, handler: unknown
NtQueryEvent, handler: unknown
NtQueryFullAttributesFile, handler: unknown
NtQueryDirectoryObject, handler: unknown
NtQueryEaFile, handler: unknown
NtQueryIoCompletion, handler: unknown
NtQuerySystemEnvironmentValue, handler: unknown
NtQuerySystemEnvironmentValueEx, handler: unknown
NtQuerySemaphore, handler: unknown
NtQuerySymbolicLinkObject, handler: unknown
NtQueryTimer, handler: unknown
NtQueryTimerResolution, handler: unknown
NtQuerySystemInformation, handler: unknown
NtQuerySystemTime, handler: unknown
NtQuerySecurityObject, handler: unknown
NtQueryMutant, handler: unknown
NtQueryObject, handler: unknown
NtQueryKey, handler: unknown
NtQueryMultipleValueKey, handler: unknown
NtQueryQuotaInformationFile, handler: unknown
NtQuerySection, handler: unknown
NtQueryOpenSubKeys, handler: unknown
NtQueryPerformanceCounter, handler: unknown
NtTraceEvent, handler: unknown
NtTranslateFilePath, handler: unknown
NtTerminateThread, handler: unknown
NtTestAlert, handler: unknown
NtUnloadKeyEx, handler: unknown
NtUnlockFile, handler: unknown
NtUnloadDriver, handler: unknown
NtUnloadKey, handler: unknown
NtTerminateProcess, handler: unknown
NtStartProfile, handler: unknown
NtStopProfile, handler: unknown
NtShutdownSystem, handler: unknown
NtSignalAndWaitForSingleObject, handler: unknown
NtSystemDebugControl, handler: unknown
NtTerminateJobObject, handler: unknown
NtSuspendProcess, handler: unknown
NtSuspendThread, handler: unknown
NtUnlockVirtualMemory, handler: unknown
NtYieldExecution, handler: unknown
NtCreateKeyedEvent, handler: unknown
NtWriteRequestData, handler: unknown
NtWriteVirtualMemory, handler: unknown
NtWaitForKeyedEvent, handler: unknown
NtQueryPortInformationProcess, handler: unknown
NtOpenKeyedEvent, handler: unknown
NtReleaseKeyedEvent, handler: unknown
NtWriteFileGather, handler: unknown
NtWaitForDebugEvent, handler: unknown
NtWaitForMultipleObjects, handler: unknown
NtUnmapViewOfSection, handler: unknown
NtVdmControl, handler: unknown
NtWaitLowEventPair, handler: unknown
NtWriteFile, handler: unknown
NtWaitForSingleObject, handler: unknown
NtWaitHighEventPair, handler: unknown
NtSetVolumeInformationFile, handler: unknown
NtSetInformationFile, handler: unknown
NtSetInformationJobObject, handler: unknown
NtSetHighWaitLowEventPair, handler: unknown
NtSetInformationDebugObject, handler: unknown
NtSetInformationProcess, handler: unknown
NtSetInformationThread, handler: unknown
NtSetInformationKey, handler: unknown
NtSetInformationObject, handler: unknown
NtSetHighEventPair, handler: unknown
NtSetDefaultHardErrorPort, handler: unknown
NtSetDefaultLocale, handler: unknown
NtSetContextThread, handler: unknown
NtSetDebugFilterState, handler: unknown
NtSetEvent, handler: unknown
NtSetEventBoostPriority, handler: unknown
NtSetDefaultUILanguage, handler: unknown
NtSetEaFile, handler: unknown
NtSetInformationToken, handler: unknown
NtSetSystemTime, handler: unknown
NtSetThreadExecutionState, handler: unknown
NtSetSystemInformation, handler: unknown
NtSetSystemPowerState, handler: unknown
NtSetUuidSeed, handler: unknown
NtSetValueKey, handler: unknown
NtSetTimer, handler: unknown
NtSetTimerResolution, handler: unknown
NtSetSystemEnvironmentValueEx, handler: unknown
NtSetLdtEntries, handler: unknown
NtSetLowEventPair, handler: unknown
NtSetIntervalProfile, handler: unknown
NtSetIoCompletion, handler: unknown
NtSetSecurityObject, handler: unknown
NtSetSystemEnvironmentValue, handler: unknown
NtSetLowWaitHighEventPair, handler: unknown
NtSetQuotaInformationFile, handler: unknown
NtCreateProcess, handler: unknown
NtCreateProcessEx, handler: unknown
NtCreatePagingFile, handler: unknown
NtCreatePort, handler: unknown
NtCreateSemaphore, handler: unknown
NtCreateSymbolicLinkObject, handler: unknown
NtCreateProfile, handler: unknown
NtCreateSection, handler: unknown
NtCreateNamedPipeFile, handler: unknown
NtCreateIoCompletion, handler: unknown
NtCreateJobObject, handler: unknown
NtCreateEventPair, handler: unknown
NtCreateFile, handler: unknown
NtCreateMailslotFile, handler: unknown
NtCreateMutant, handler: unknown
NtCreateJobSet, handler: unknown
NtCreateKey, handler: unknown
NtCreateThread, handler: unknown
NtDeleteValueKey, handler: unknown
NtDeviceIoControlFile, handler: unknown
NtDeleteKey, handler: unknown
NtDeleteObjectAuditAlarm, handler: unknown
NtDuplicateToken, handler: unknown
NtEnumerateBootEntries, handler: unknown
NtDisplayString, handler: unknown
NtDuplicateObject, handler: unknown
NtDeleteFile, handler: unknown
NtCreateWaitablePort, handler: unknown
NtDebugActiveProcess, handler: unknown
NtCreateTimer, handler: unknown
NtCreateToken, handler: unknown
NtDeleteAtom, handler: unknown
NtDeleteBootEntry, handler: unknown
NtDebugContinue, handler: unknown
NtDelayExecution, handler: unknown
NtCreateEvent, handler: unknown
NtAdjustPrivilegesToken, handler: unknown
NtAlertResumeThread, handler: unknown
NtAddBootEntry, handler: unknown
NtAdjustGroupsToken, handler: unknown
NtAllocateUserPhysicalPages, handler: unknown
NtAllocateUuids, handler: unknown
NtAlertThread, handler: unknown
NtAllocateLocallyUniqueId, handler: unknown
NtAddAtom, handler: unknown
NtAccessCheckAndAuditAlarm, handler: unknown
NtAccessCheckByType, handler: unknown
NtAcceptConnectPort, handler: unknown
NtAccessCheck, handler: unknown
NtAccessCheckByTypeResultListAndAuditAlarm, handler: unknown
NtAccessCheckByTypeResultListAndAuditAlarmByHandle, handler: unknown
NtAccessCheckByTypeAndAuditAlarm, handler: unknown
NtAccessCheckByTypeResultList, handler: unknown
NtAllocateVirtualMemory, handler: unknown
NtCompleteConnectPort, handler: unknown
NtCompressKey, handler: unknown
NtCompactKeys, handler: unknown
NtCompareTokens, handler: unknown
NtCreateDebugObject, handler: unknown
NtCreateDirectoryObject, handler: unknown
NtConnectPort, handler: unknown
NtContinue, handler: unknown
NtCloseObjectAuditAlarm, handler: unknown
NtCallbackReturn, handler: unknown
NtCancelDeviceWakeupRequest, handler: unknown
NtAreMappedFilesTheSame, handler: unknown
NtAssignProcessToJobObject, handler: unknown
NtClearEvent, handler: unknown
NtClose, handler: unknown
NtCancelIoFile, handler: unknown
NtCancelTimer, handler: unknown
NtOpenJobObject, handler: unknown
NtOpenKey, handler: unknown
NtOpenFile, handler: unknown
NtOpenIoCompletion, handler: unknown
NtOpenProcess, handler: unknown
NtOpenProcessToken, handler: unknown
NtOpenMutant, handler: unknown
NtOpenObjectAuditAlarm, handler: unknown
NtOpenEventPair, handler: unknown
NtModifyBootEntry, handler: unknown
NtNotifyChangeDirectoryFile, handler: unknown
NtMapUserPhysicalPagesScatter, handler: unknown
NtMapViewOfSection, handler: unknown
NtOpenDirectoryObject, handler: unknown
NtOpenEvent, handler: unknown
NtNotifyChangeKey, handler: unknown
NtNotifyChangeMultipleKeys, handler: unknown
NtOpenProcessTokenEx, handler: unknown
NtPrivilegedServiceAuditAlarm, handler: unknown
NtProtectVirtualMemory, handler: unknown
NtPrivilegeCheck, handler: unknown
NtPrivilegeObjectAuditAlarm, handler: unknown
NtQueryBootEntryOrder, handler: unknown
NtQueryBootOptions, handler: unknown
NtPulseEvent, handler: unknown
NtQueryAttributesFile, handler: unknown
NtPowerInformation, handler: unknown
NtOpenSymbolicLinkObject, handler: unknown
NtOpenThread, handler: unknown
NtOpenSection, handler: unknown
NtOpenSemaphore, handler: unknown
NtOpenTimer, handler: unknown
NtPlugPlayControl, handler: unknown
NtOpenThreadToken, handler: unknown
NtOpenThreadTokenEx, handler: unknown
NtMapUserPhysicalPages, handler: unknown
NtFreeUserPhysicalPages, handler: unknown
NtFreeVirtualMemory, handler: unknown
NtFlushVirtualMemory, handler: unknown
NtFlushWriteBuffer, handler: unknown
NtGetDevicePowerState, handler: unknown
NtGetPlugPlayEvent, handler: unknown
NtFsControlFile, handler: unknown
NtGetContextThread, handler: unknown
NtFlushKey, handler: unknown
NtEnumerateValueKey, handler: unknown
NtExtendSection, handler: unknown
NtEnumerateKey, handler: unknown
NtEnumerateSystemEnvironmentValuesEx, handler: unknown
NtFlushBuffersFile, handler: unknown
NtFlushInstructionCache, handler: unknown
NtFilterToken, handler: unknown
NtFindAtom, handler: unknown
NtGetWriteWatch, handler: unknown
NtLockFile, handler: unknown
NtLockProductActivationKeys, handler: unknown
NtLoadKey, handler: unknown
NtLoadKey2, handler: unknown
NtMakePermanentObject, handler: unknown
NtMakeTemporaryObject, handler: unknown
NtLockRegistryKey, handler: unknown
NtLockVirtualMemory, handler: unknown
NtLoadDriver, handler: unknown
NtImpersonateThread, handler: unknown
NtInitializeRegistry, handler: unknown
NtImpersonateAnonymousToken, handler: unknown
NtImpersonateClientOfPort, handler: unknown
NtIsSystemResumeAutomatic, handler: unknown
NtListenPort, handler: unknown
NtInitiatePowerAction, handler: unknown
NtIsProcessInJob, handler: unknown
Hides the following processes:
%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE
<SYSTEM32>\MSCFG32.EXE
Modifies the file system:
Creates the following files:
<SYSTEM32>\mslog32.dat
<DRIVERS>\MSNDSRV.SYS
%TEMP%\INSTV3.BAT
%TEMP%\INSTV4.BAT
<SYSTEM32>\MSDIRECTX.EXE
<SYSTEM32>\msnadt.exe
<SYSTEM32>\MSCFG32.EXE
<SYSTEM32>\MSCFG32.DLL
Deletes the following files:
<SYSTEM32>\msnadt.exe
<SYSTEM32>\MSDIRECTX.EXE
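The file, service and process indicators listed above can be checked on a suspect host with the following triage script. It is an added example, not code from Dr.Web or from the description itself; it assumes the placeholders <SYSTEM32>, <DRIVERS> and %TEMP% map to the usual locations under the running Windows installation, and it must be run from an elevated PowerShell prompt. Because the trojan hooks the SSDT and hides processes, every query below can be filtered on a live infected system, so an empty result is not conclusive; checking from clean boot media, as the curing recommendations advise, avoids that problem.

```powershell
# Added triage script, not part of the Dr.Web description. It checks a Windows
# host for the file, service and process artifacts listed above. Run from an
# elevated PowerShell prompt. Caveat: this trojan hooks the SSDT and hides
# processes, so on a live infected system user-mode queries (including
# everything below) may be filtered; an empty result does not clear the host.

$sys32   = Join-Path $env:SystemRoot 'System32'
$drivers = Join-Path $sys32 'drivers'

# File indicators taken from the description. The concrete paths are
# assumptions for the placeholders <SYSTEM32>, <DRIVERS> and %TEMP>.
$fileIocs = @(
    (Join-Path $sys32    'mslog32.dat'),
    (Join-Path $drivers  'MSNDSRV.SYS'),
    (Join-Path $sys32    'MSDIRECTX.EXE'),
    (Join-Path $sys32    'msnadt.exe'),
    (Join-Path $sys32    'MSCFG32.EXE'),
    (Join-Path $sys32    'MSCFG32.DLL'),
    (Join-Path $env:TEMP 'INSTV3.BAT'),
    (Join-Path $env:TEMP 'INSTV4.BAT')
)

# Service indicator. The description shows ControlSet001; CurrentControlSet is
# the control set actually in use on a running system, so both are checked.
$serviceKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\MSNDSRV',
    'HKLM:\SYSTEM\ControlSet001\Services\MSNDSRV'
)

# Meaning of the registry Start value (SERVICE_* start types).
$startNames = @{ 0 = 'BOOT_START'; 1 = 'SYSTEM_START'; 2 = 'AUTO_START'; 3 = 'DEMAND_START'; 4 = 'DISABLED' }

$findings = New-Object System.Collections.Generic.List[object]

foreach ($path in $fileIocs) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force          # -Force also returns hidden/system files
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings.Add([pscustomobject]@{
            Type      = 'File'
            Indicator = $path
            Detail    = "$($item.Length) bytes, modified $($item.LastWriteTimeUtc.ToString('u')), SHA256 $hash"
        })
    }
}

foreach ($key in $serviceKeys) {
    if (Test-Path -LiteralPath $key) {
        $p = Get-ItemProperty -LiteralPath $key
        $startName = if ($null -ne $p.Start -and $startNames.ContainsKey([int]$p.Start)) { $startNames[[int]$p.Start] } else { 'unknown' }
        $findings.Add([pscustomobject]@{
            Type      = 'Service'
            Indicator = $key
            Detail    = "Start=$($p.Start) ($startName) ImagePath=$($p.ImagePath)"
        })
    }
}

# Process indicator: MSCFG32.EXE is one of the images the rootkit hides, so a
# hit here is significant and a miss means little while the driver is loaded.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -like '*\MSCFG32.EXE' }
foreach ($proc in $procs) {
    $findings.Add([pscustomobject]@{
        Type      = 'Process'
        Indicator = $proc.ExecutablePath
        Detail    = "PID $($proc.ProcessId), parent PID $($proc.ParentProcessId), cmdline: $($proc.CommandLine)"
    })
}

if ($findings.Count -eq 0) {
    Write-Output 'No Trojan.Siggen6.30429 artifacts found (not conclusive on a live system, see caveat above).'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

When run against an image mounted from clean boot media rather than the live system, replace `$env:SystemRoot` and `$env:TEMP` with the mounted paths and load the offline SYSTEM hive with `reg load` before checking the service keys; the file hashes are what to submit or compare if a second opinion on a sample is wanted.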
Curing recommendations
Windows
If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use. Note that this trojan installs a kernel-mode driver that hooks the SSDT and hides processes, so a scan run from the infected OS may be deceived; scanning from a clean boot medium is the more reliable option.
If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the Dr.Web® LiveDisk emergency system repair disk, write it to a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all detected threats.
macOS
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.
Android
If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
If the mobile device has been locked by Android.Locker ransomware (the message on the screen claims that you have broken some law or demands a ransom, or some other announcement prevents you from using the device normally), do the following:
Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular device, this can be done in various ways; consult the user guide shipped with the device or contact its manufacturer);
Once safe mode is active, install Dr.Web for Android on the infected device and run a full system scan; follow the steps recommended for neutralizing the threats that have been detected;
Switch off your device and turn it on as normal.