W32/Anig-A

Kategorie: Viren und Spyware Schutz verfügbar seit:30 Jan 2004 00:00:00 (GMT)
Typ: Win32 executable file virus Zuletzt aktualisiert:20 Mai 2010 11:15:09 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

W32/Anig-A is a worm that can spread by copying itself over network shares.
W32/Anig-A can also be used to steal passwords.

W32/Anig-A copies itself to <Windows>\System32 using its original filename and
creates the following registry entry in order to run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-A attempts to spread by copying itself to the share ADMIN$ on remote
machines.

W32/Anig-A may drop a DLL file with keylogging functionality called GinaDLL.DLL
and open port 5190 in order to receive remote commands.

W32/Anig-A registers itself as a service called Distributed File Controller
by creating the following registry entries:

HKLM\System\CurrentControlSet\Services\dfcsvc

DependOnGroup = ""
DependOnService = RpcSS
DisplayName = Distributed File Controller
Error Control = 0x0
ImagePath = <filename> /dfcsvc
ObjectName = LocalSystem
Start = 0x2
Type = 0x110

W32/Anig-A may also create the following registry entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

GinaDll = ntgina.dll
Ram32Data
Ram32ID
Ram32Group

Download Sophos Produkte kostenlos testen
Jetzt downloaden

© 1997 - 2012 Sophos Ltd. Alle Rechte vorbehalten. Rechtliche Hinweise Datenschutzrichtlinie Impressum