Trojan.Win32.VB.ateo (Kaspersky), Worm.Win32.Esfury (VIPRE), Backdoor.Win32.VB!IK (Emsisoft), GenericAutorunWorm.YR (Lavasoft MAS)
Behaviour: Trojan, Backdoor, Worm, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: f46981183cedb0ecf4e029c6db0782f9
SHA1: 9f924efe39965bf534475dbba27afc03da4e82f3
SHA256: 12bd3946dc30d4fc1366a003fd6efd40c398658624a58e6e6ef1b0ffa66fe5c8
SSDeep: 3072:M 244PtNpyyvgeMPUs200moFrCjjq1awEK5Owdoutq:x4VvyyvtoS
Size: 228352 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: MicrosoftVisualBasicv50v60, UPolyXv05_v6
Company: WinterSoft
Created at: 1999-08-26 14:54:06
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Trojan creates the following process(es):
File activity
Registry activity
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
The Trojan modifies the "%System%\drivers\etc\hosts" file, which is used to map host names to IP addresses. The modified file is 22953 bytes in size. The following strings are added to the hosts file:
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Trojan's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal
- Delete the original Trojan file.
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.