Size: 579,584 bytes.
MD5: aac63d4ebb5e40428ae84f2addc617a2
SHA1: e9348d3db8221f8ed118c5a0e7a3a2ebdfb3da9a
Destructive activities
When launched, the Trojan does the following:
- creates the files:
%AppData%\chrome.exe
%AppData%\chrome
- creates the following registry keys:
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = "%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger"
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%AppData%\chrome.exe" = "%AppData%\chrome.exe:*:Enabled:Windows Messanger"
[HKCU\Software\VB and VBA Program Settings\SrvID\ID]
"CBNCSPGZT2" = "chrome"
[HKCU\Software\VB and VBA Program Settings\INSTALL\DATE]
"CBNCSPGZT2" = "<Date>"
where <Date> is the date on which the Trojan was installed on the infected computer, in the format "October 13, 2011".
- identifies the country in which the infected computer is located by accessing the website:
- establishes a network connection to the host:
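As an added defender-side example (not part of the original description), the following Python parses entries in the AuthorizedApplications\List value format used by the Windows XP/2003 firewall and flags exceptions with the traits described above: a binary under the user profile or the .NET VB compiler, the misspelt "Windows Messanger" display name, or a value name that does not match the path in its data. The sample List contents are constructed from the two entries on this page plus an assumed benign Messenger entry.

```python
from typing import Dict, List, Tuple

# Value format in ...\FirewallPolicy\StandardProfile\AuthorizedApplications\List
# (Windows XP/2003 firewall): "<path>:<scope>:<Enabled|Disabled>:<display name>".
# The path itself may contain a drive colon, so split from the right.
def parse_entry(data: str) -> Dict[str, str]:
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not an AuthorizedApplications entry: {data!r}")
    path, scope, mode, name = parts
    return {"path": path, "scope": scope, "mode": mode, "name": name}

# Traits taken from the description above: exceptions for a binary dropped under the
# user profile and for the .NET VB compiler, both labelled "Windows Messanger" (sic).
SUSPECT_NAMES = {"windows messanger"}
SUSPECT_PATH_MARKERS = ("%appdata%", "\\appdata\\", "\\vbc.exe")

def assess(values: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (value name, reasons) for every enabled exception that looks planted."""
    findings = []
    for value_name, data in values.items():
        entry = parse_entry(data)
        if entry["mode"].lower() != "enabled":
            continue
        reasons = []
        path = entry["path"].lower()
        if any(marker in path for marker in SUSPECT_PATH_MARKERS):
            reasons.append("exception for a user-profile binary or the VB compiler")
        if entry["name"].strip().lower() in SUSPECT_NAMES:
            reasons.append("misspelt 'Windows Messanger' display name")
        if value_name.lower() != entry["path"].lower():
            reasons.append("value name does not match the path in its data")
        if reasons:
            findings.append((value_name, "; ".join(reasons)))
    return findings

# Constructed sample of the List key: the two entries from the description plus
# one benign-looking entry (the genuine Messenger path is assumed, not from the page).
SAMPLE_LIST = {
    r"%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe":
        r"%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger",
    r"%AppData%\chrome.exe": r"%AppData%\chrome.exe:*:Enabled:Windows Messanger",
    r"C:\Program Files\Messenger\msmsgs.exe":
        r"C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger",
}

if __name__ == "__main__":
    for name, why in assess(SAMPLE_LIST):
        print(f"{name}\n    {why}")
```

On a live XP/2003 system the dictionary can be filled by enumerating the List key with winreg.EnumValue instead of using the constructed sample.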
Removal
If your computer was not protected by an antivirus product and has been infected with this malware, take the following steps to remove it:
1. Use Task Manager to terminate the Trojan process.
2. Delete the original Trojan file (its location will depend on how the program originally reached the victim machine).
3. Delete the files:
%AppData%\DalxI.txt
%AppData%\chrome.exe
%AppData%\chrome
4. Remove the registry keys (see: how to work with the registry):
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe" = "%WinDir%\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger"
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%AppData%\chrome.exe" = "%AppData%\chrome.exe:*:Enabled:Windows Messanger"
[HKCU\Software\VB and VBA Program Settings\SrvID\ID]
"CBNCSPGZT2" = "chrome"
[HKCU\Software\VB and VBA Program Settings\INSTALL\DATE]
"CBNCSPGZT2" = "<Date>"
5. Restore the original value of the following registry key (see: how to work with the registry):
[HKLM\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
6. Perform a full system scan with an antivirus product whose databases are up to date (or download a trial version).