Trojan.Packed.18
(Trojan:Win32/Tibs.gen!B, Email-Worm.Win32.Zhelatin.ab, System error, Downloader-BAI.gen.d, Parser error, TROJ_MULP.I, Generic.dx, Trojan:Win32/Small, Trojan.Win32.Revelation, W32/Zhelatin.gen, TR/Small.DBY.AF, Trojan:Win32/Sisrop!rts, Trojan:Win32/Vxidl.gen!B, Downloader.Tibs, Trojan.Peed.Gen, Downloader-ASH.gen.b, Email-Worm.Win32.Zhelatin.aj, Downloader-BAI, W32/Nuwar.worm, Trojan.Generic.54676, Trojan.Mespam)
Added to the Dr.Web virus database:
2007-02-13
Description added:
2007-02-19
Virus Type: Trojan
Affected OS: Win9x/NT/2000/XP
Size: 6 - 60 kB
Packed by: UPX
Technical Information
This record detects a wide range of malicious programs that use the same modification of a packer.
Original file name: love.exe
This malware can be downloaded by BackDoor.Groan.
When executed, the malware creates the following files in the system directory (%System%):
- sporder.dll
- rsvp32_2.dll, which is an LSP provider. It is detected by Dr.Web as Trojan.Spambot.
It registers the installed provider in the registry:
Creates the HKLM\SOFTWARE\WinSock2\Buibert key.
It also modifies the following branch:
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
Injects its own code into services.exe and connects to the server at 66.148.74.7 to download message text for subsequent spam distribution. For this, it uses snapshot message network.
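The following read-only triage script is an added example, not part of the Dr.Web description. It checks a host for the files and registry key listed above and lists the provider DLLs registered in the Winsock catalog. The catalog layout it reads (the Current_Protocol_Catalog value, the Catalog_Entries and Catalog_Entries64 subkeys, and a PackedCatalogItem blob beginning with the provider DLL path) is assumed from the standard Winsock registry layout, not taken from this page.

```powershell
# Added triage example (read-only). Indicator names come from the description above.
$sysDir = [Environment]::SystemDirectory            # resolves %System%

# 1. Files reported as dropped into %System%. sporder.dll is also the name of a
#    legitimate Microsoft Winsock helper DLL, so a hit on it alone proves nothing.
$files = foreach ($name in 'sporder.dll', 'rsvp32_2.dll') {
    $path = Join-Path $sysDir $name
    if (Test-Path -LiteralPath $path) {
        [pscustomobject]@{
            Path      = $path
            Signature = (Get-AuthenticodeSignature -FilePath $path).Status
            Created   = (Get-Item -LiteralPath $path -Force).CreationTimeUtc
        }
    }
}

# 2. Registry key reported as created by the malware.
$keyPresent = Test-Path -LiteralPath 'HKLM:\SOFTWARE\WinSock2\Buibert'

# 3. Providers registered in the Winsock catalog under the modified branch.
#    Assumptions (not from the description): standard catalog layout, and a
#    PackedCatalogItem blob that starts with the NUL-terminated ANSI DLL path.
$params  = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters'
$catName = (Get-ItemProperty -LiteralPath $params).Current_Protocol_Catalog
$entries = 'Catalog_Entries', 'Catalog_Entries64' | ForEach-Object {
    Get-ChildItem -LiteralPath "$params\$catName\$_" -ErrorAction SilentlyContinue
}
$providers = foreach ($entry in $entries) {
    $blob = (Get-ItemProperty -LiteralPath $entry.PSPath).PackedCatalogItem
    if (-not $blob) { continue }
    $end = [Array]::IndexOf($blob, [byte]0)
    if ($end -lt 0) { $end = $blob.Length }
    $dll = [Environment]::ExpandEnvironmentVariables([Text.Encoding]::ASCII.GetString($blob, 0, $end))
    [pscustomobject]@{
        Entry       = $entry.PSChildName
        ProviderDll = $dll
        Suspicious  = $dll -like '*\rsvp32_2.dll'   # provider DLL named in the description
    }
}

$files     | Format-Table -AutoSize
"Buibert key present: $keyPresent"
$providers | Sort-Object ProviderDll -Unique | Format-Table -AutoSize
```

Any catalog entry whose ProviderDll is unsigned or unfamiliar deserves a closer look even if it does not match the file name given here, since the record covers many variants.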
System recovery information
1. On a computer known to be clean, download the free Dr.Web CureIt! cure utility.
2. Disable System Recovery on the affected computer.
3. Disconnect the affected computer from the local network and from the Internet.
4. Scan all logical disks with Dr.Web CureIt!.
5. To eliminate problems related to LSP settings, consult Microsoft's recommendations.