ViRobot

Security Info

  • Security Center
    • Virus
  • Security Dictionary
  • Security Service
  • Free Download!!

Threats DB

Trojan.Win32.S.Agent.121344.AG

Aliases  
Typical Symptoms  Changes registry,Sends email,Generating traffics,Creates file
Discovered  [korea] 0000-00-00
 [Foreign] 0000-00-00
Type  Trojan Horse ActiveField  Win32
Destory/Distribution
Origin  others Encryption  NO
Location  Macro Memory residence  NO
Scan engine needed
2014-09-17 [Able to detect & repair]
  • Free trial download
Description

Malicious code that spread through Spam Mail(photo.exe)

 

Many Spam Emails with the title "my new photo ;) " have been found recently. If the attached file(photo.exe) is executed, it could do Bot functions by connecting to malicious servers and send SMTP for infecting of other users.

 

[The symptom]

It sends Spam Emails and induces users to check a attached file(photo.zip).

When the attached file is executed, it creates a copy in a specific folder and, it creates malicious files disguised as a normal filename in folder of '(user account) Application data'.

 

* ​The created malicious codes are added in Windows registry for executing automatically after Windows rebooting.

 

 * It seems that the created files send emails in order to infect other users using SMTP account.

 

* In addition, it seems that it tries to access a specific site in order to do additional malicious actions, but there are no normal connections currently.

 

* If users become infected with this malicious code, it seems to be occurred overload with users' PC by massive network connections and additional malicious behaviors. 

 

 


Removal Instructions

[How to repair] 

Reparable by ViRobot engine ver. 2014-09-19 or above. 


List
Copyright 2008 @ HAURI Inc. All rights reserved. SiteMap