GPK/Glupzy-A

Category: Viruses and Spyware Protection available since:01 Sep 2010 23:33:33 (GMT)
Type: Malicious behavior Last Updated:01 Sep 2010 23:33:33 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of GPK/Glupzy-A include:

Example 1

Other vendor detection

Trend
WORM_FLASHY.B

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Flashy.exe
  • F:/Flashy.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\systemID.pif
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions
    0x00000002
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
    Start
    0x00000002
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideFileExt
    0x00000002
Processes Created
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe

Example 2

Other vendor detection

Avira
TR/Disabler.I
Kaspersky
Trojan.Win32.Disabler.be
Trend
TROJ_AGENT.SEYT

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Flashy.exe
  • F:/Flashy.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\systemID.pif
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Flashy Bot
    43 3a 5c 57 49 4e 44 4f 57 53 5c 73 79 73 74 65 6d 33 32 5c 46 6c 61 73 68 79 2e 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden
    0x00000002
Processes Created
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe

Example 3

Other vendor detection

Trend
TROJ_AGENT.SEYT

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\Flashy.exe
  • F:/Flashy.exe
  • c:\Documents and Settings\test user\Start Menu\Programs\Startup\systemID.pif
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Flashy Bot
    43 3a 5c 57 49 4e 44 4f 57 53 5c 73 79 73 74 65 6d 33 32 5c 46 6c 61 73 68 79 2e 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NoFolderOptions
    0x00000001
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden
    0x00000002
Processes Created
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy