W32/Anig-C

Category: Viruses and Spyware
Protection available since: 13 Mar 2010 22:35:12 (GMT)
Type: Win32 executable file virus
Last updated: 13 Mar 2010 22:35:12 (GMT)
Prevalence:


W32/Anig-C is a worm that can spread by copying itself over network shares.
W32/Anig-C can also be used to steal passwords.

W32/Anig-C copies itself to <Windows>\System32 using its original filename and
creates the following registry entry in order to run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Osa32

W32/Anig-C attempts to spread by copying itself to the share ADMIN$ on remote
computers.

W32/Anig-C may drop a DLL file with keylogging functionality called GinaDLL.DLL
and open port 5190 in order to receive remote commands.

On NT-based versions of Windows, W32/Anig-C registers itself as a
service called <filename> with the display name Distributed File Controller.
The new service has a Startup type of automatic so that the service is
started automatically each time a new Windows session is started.
New registry entries are created beneath the following registry entry:

HKLM\System\CurrentControlSet\Services\dfcsvc

W32/Anig-C may also create the following registry entries:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

GinaDll = ntgina.dll
Ram32Data
Ram32ID
Ram32Group
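
The following read-only triage script is an added example, not part of the original description or any Sophos tooling. It checks a Windows host for the registry entries, service and listening port named above. The helper name Get-RegValue is hypothetical, and the script assumes port 5190 is TCP, which the description does not state.

```powershell
# Added triage example: checks a host for the W32/Anig-C artifacts listed on this page.
# Read-only: nothing is modified or deleted. Run from an elevated prompt.
$findings = @()

function Get-RegValue($Path, $Name) {
    # Hypothetical helper: returns the value data, or $null if the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# 1. Autostart entry named Osa32 under the Run key
$run = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$osa = Get-RegValue $run 'Osa32'
if ($null -ne $osa) { $findings += "Run value Osa32 -> $osa" }

# 2. Service key dfcsvc, or any service carrying the display name from the page
$svcKey = 'HKLM:\System\CurrentControlSet\Services\dfcsvc'
if (Test-Path $svcKey) {
    $findings += "Service key dfcsvc, ImagePath: $(Get-RegValue $svcKey 'ImagePath')"
}
foreach ($s in @(Get-Service -DisplayName 'Distributed File Controller' -ErrorAction SilentlyContinue)) {
    $findings += "Service '$($s.Name)' with display name 'Distributed File Controller' ($($s.Status))"
}

# 3. Winlogon values. A GinaDll value can also belong to legitimate third-party
#    logon software, so any value other than the one on this page is flagged for review only.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$gina = Get-RegValue $winlogon 'GinaDll'
if ($gina -eq 'ntgina.dll') { $findings += "Winlogon GinaDll = $gina" }
elseif ($null -ne $gina) { $findings += "Winlogon GinaDll = $gina (differs from page value; review)" }
foreach ($name in 'Ram32Data', 'Ram32ID', 'Ram32Group') {
    if ($null -ne (Get-RegValue $winlogon $name)) { $findings += "Winlogon value $name present" }
}

# 4. Listener on port 5190 (TCP is an assumption; netstat is used so this also runs on older Windows)
$listen = netstat -ano -p tcp | Select-String -Pattern ':5190\s+\S+\s+LISTENING'
if ($listen) { $findings += "Listener on TCP 5190: $(($listen | Select-Object -First 1).Line.Trim())" }

if ($findings.Count -eq 0) { 'No artifacts from this description found.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

A hit on the port or on a GinaDll value alone is not conclusive; treat the Run value, the dfcsvc key and the Ram32* values together as the stronger signal.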
