Desktop Echo

Category: Adware and PUAs
Type: Remote Administration Tool
Protection available since: 19 Mar 2014 10:09:21 (GMT)
Last updated: 19 Mar 2014 10:09:21 (GMT)

Desktop Echo exhibits the following characteristics:

Other vendor detection

Avira
TR/Agent.cada.8024

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\ps.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\KILLPROC.BAT
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-Run.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\LINKID
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\FzGSS.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\zlib.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-Init.inx
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DEHooks.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-INIT.BAT
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-ZBD.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\Kill.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-Pause.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-VNC.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-SHPT.EXE
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-DETV.INI
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\grep.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-LNK.REG
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\Help.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-START.PT1
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\killnt.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\PSOUT.INF
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-ML.BAT
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\REMOTEIP
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\LOGO.JPG
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-VNC.reg
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-DETV.BAT
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-ML.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\de-query.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-START.PT3
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-PREF.ZBD
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE.ico
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\FileZilla Server.xml
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-LI.bmp
  • c:\Documents and Settings\test user\Local Settings\Temp\ECHO_Share_1.30\DE-FZ.exe
Registry Keys Created
  • HKCU\Software\DesktopECHO
    HTTPPortNumber
    0x00002042
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1
    CachePath
    C:\DOCUME~1\support\Local Settings\Temporary Internet Files\Content.IE5\Cache1
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Administrative Tools
    c:\Documents and Settings\test user\Start Menu\Programs\Administrative Tools
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4
    CachePath
    C:\DOCUME~1\support\Local Settings\Temporary Internet Files\Content.IE5\Cache4
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Common Startup
    C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3
    CachePath
    C:\DOCUME~1\support\Local Settings\Temporary Internet Files\Content.IE5\Cache3
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2
    CachePath
    C:\DOCUME~1\support\Local Settings\Temporary Internet Files\Content.IE5\Cache2
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths
    Directory
    C:\DOCUME~1\support\Local Settings\Temporary Internet Files\Content.IE5
Processes Created
  • c:\docume~1\support\locals~1\temp\echo_share_1.30\de-run.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-fz.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-ml.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-pause.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-query.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-vnc.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\de-zbd.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\grep.exe
  • c:\docume~1\support\locals~1\temp\echo_s~1.30\ps.exe
  • c:\windows\regedit.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\mshta.exe
  • c:\windows\system32\ntvdm.exe
HTTP Requests
  • http://64.5.53.205/cgi-bin/LinkID
  • http://64.5.53.205/cgi-bin/RemoteIP
IP Connections
  • 64.5.53.205:21
  • 64.5.53.205:443
  • 64.5.53.205:80
