W32/Anig-C

Kategorie: Viren und Spyware Schutz verfügbar seit:13 Mrz 2010 22:35:12 (GMT)
Typ: Win32 executable file virus Zuletzt aktualisiert:13 Mrz 2010 22:35:12 (GMT)
Verbreitung:

Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

W32/Anig-C is a worm that can spread by copying itself over network shares.
W32/Anig-C can also be used to steal passwords.

W32/Anig-C copies itself to <Windows>\System32 using its original filename and
creates the following registry entry in order to run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-C attempts to spread by copying itself to the share ADMIN$ on remote
computers.

W32/Anig-C may drop a DLL file with keylogging functionality called GinaDLL.DLL
and open port 5190 in order to receive remote commands.

On NT based versions of Windows, W32/Anig-C registers itself as a
service called <filename> with the display name Distributed File Controller.
The new service has a Startup type of automatic so that the service is
started automatically each time a new Windows session is started.
New registry entries are created beneath the following registry entry:

HKLM\System\CurrentControlSet\Services\dfcsvc

W32/Anig-C may also create the following registry entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

GinaDll = ntgina.dll
Ram32Data
Ram32ID
Ram32Group

Download Sophos Produkte kostenlos testen
Jetzt downloaden

© 1997 - 2012 Sophos Ltd. Alle Rechte vorbehalten. Rechtliche Hinweise Datenschutzrichtlinie Impressum