W32/Ngrbot-H

Category: Viruses and Spyware Protection available since:23 May 2012 19:13:03 (GMT)
Type: Win32 worm Last Updated:23 May 2012 19:13:03 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Ngrbot-H exhibits the following characteristics:

File Information

Size
188K
SHA-1
917f3a9ef3a593300bfea8d4de61cb6c6f0ccdb9
MD5
b556db3716f6372b5def131c91b535f6
CRC-32
bd8969bd
File type
Windows executable
First seen
2012-05-16

Other vendor detection

Kaspersky
Worm.Win32.Ngrbot.clh

Runtime Analysis

Copies Itself To
  • F:/RECOVERY/DFG-2352-66235-2352322-634621321-6662355/svhosts.exe
  • c:\Documents and Settings\test user\Application Data\svhosts.exe
Dropped Files
  • F:/RECOVERY/DFG-2352-66235-2352322-634621321-6662355/Desktop.ini
  • F:/autorun.inf
    Size
    261
    SHA-1
    c7a68e3394118167bfe0b5a33aff03891053976e
    MD5
    119e4c3f95244c2a3e0abd26fcb6d377
    CRC-32
    0cfd19d6
    File type
    Configuration Data File (generic)
    First seen
    2011-05-07
  • c:\Documents and Settings\test user\Application Data\svhosts.exe-up.txt
    Size
    12K
    SHA-1
    194934289b1435ea6326370624467bd75135266b
    MD5
    1114c892ba739834d454187c5f1ff361
    CRC-32
    c7953a4a
    File type
    ASCII text / 8-bit Unicode Transformation Format
    First seen
    2012-05-22
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Windows svhost update
    c:\Documents and Settings\test user\Application Data\svhosts.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows svhost update
    c:\Documents and Settings\test user\Application Data\svhosts.exe
Processes Created
  • c:\Documents and Settings\test user\application data\svhosts.exe
DNS Requests
  • x.alfaroooq.com

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information