Монитор угроз
NETGEAR® Threat Monitor – это исчерпывающий источник информации по новейшим угрозам вредоносного ПО и статистике распространения спама. В его таблицах представлена детальная статистика по последним угрозам, которые обнаружены в Интернете. Эти таблицы оперативно обновляются и сразу после возникновения новая угроза отражается в таблице.
« Back to list
Technical details
This Trojan calls premium rate numbers without the knowledge or consent of
the user. It is a Windows PE EXE file. It is 25131 bytes in size. It is written
in Delphi.
Payload
Once launched, the Trojan launches a copy of its own process and injects malicious
code (detected by as Trojan.Win32.Dialer.tvx) into this
process.
This code will:
- Get accessible modem connections on the user’s computer;
- Download a file from the URL shown below:
http://91.***.118.***/Dialer_Min/number.asp
This file is saved to the Windows directory as “number.txt”:
%WinDir%\number.txt
Parameters and phone numbers which will be used to make future calls are read
from this file. The file will then be deleted.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an
antivirus solution at all, follow the instructions below to delete the malicious
program:
- Use Task
Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on
how the program originally penetrated the victim machine).
- Delete all files from %Temporary Internet Files%.
- Update your antivirus databases and perform a full scan of the
computer .
| Virus Name: |
Trojan.Win32.Agent2.dtb |
| Aliases: |
|
| Pattern: |
200902171330 |
| Threat Type |
Propagation Methods |
Systems Affected |
Risk Level |
|
|
|
- Windows NT
- Windows XP
- Windows 2000
- Windows 95/98/ME
|
|
Наверх
